Cisco DHCP Snooping

Cisco switch listens to dhcp traffic and protects against rogue DHCP servers.
Links
- http://packetpushers.net/ccnp-studies-configuring-dhcp-snooping/
Example - for 48 port switch with uplinks on 49-51 and router with ip helper on 1 and pc's in vlan 64

ip dhcp snooping 
ip dhcp snooping vlan 64     
ip dhcp snooping information option format remote-id hostname 
ip dhcp snooping database flash:dhcp-snooping-info

int range Gig 1/0/49-52 , Gig 1/0/1                            
ip dhcp snooping trust

Monitor with

sh ip dhcp snooping
sh ip dhcp snooping binding 
sh ip dhcp snooping database

For more security add Source Guard, limiting traffic to valid dhcp configured devices on a per port basis
- ip verify source vlan dhcp-snooping

Cisco/DhcpSnooping (last edited 2015-01-05 15:34:32 by PieterSmit)

Page.execute = 0.001s
getACL = 0.000s
init = 0.001s
load_multi_cfg = 0.000s
run = 0.012s
send_page = 0.011s
send_page_content = 0.002s
total = 0.013s