Cisco DHCP Snooping
- The Cisco switch listens to DHCP traffic and protects against rogue DHCP servers.
Example - for a 48-port switch with uplinks on 49-51, a router with ip helper on port 1, and PCs in VLAN 64
    ip dhcp snooping
    ip dhcp snooping vlan 64
    ip dhcp snooping information option format remote-id hostname
    ip dhcp snooping database flash:dhcp-snooping-info
    int range Gig 1/0/49-52 , Gig 1/0/1
     ip dhcp snooping trust
- Monitor with
    sh ip dhcp snooping
    sh ip dhcp snooping binding
    sh ip dhcp snooping database
- For more security, add Source Guard, which limits traffic to valid DHCP-configured devices on a per-port basis
- ip verify source vlan dhcp-snooping
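
An added example, not part of the original page: a Python audit of a saved running-config against the layout above, checking that snooping is on for VLAN 64 and that only the ports where DHCP replies legitimately arrive are trusted. The sample config, the function names and the allowed-port set are assumptions made for illustration.

```python
import re

# Constructed running-config excerpt (not from a real device). Gi1/0/7 is an
# access port wrongly marked trusted; the router port Gi1/0/1 was missed.
SAMPLE = """\
ip dhcp snooping vlan 64
ip dhcp snooping database flash:dhcp-snooping-info
ip dhcp snooping
!
interface GigabitEthernet1/0/1
 description router with ip helper
!
interface GigabitEthernet1/0/7
 switchport access vlan 64
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/49
 ip dhcp snooping trust
"""

def trusted_ports(config):
    """Interfaces whose stanza contains 'ip dhcp snooping trust'."""
    stanzas = re.findall(r"(?m)^interface (\S+)\n((?: .*\n?)*)", config)
    return {n for n, body in stanzas if re.search(r"(?m)^ ip dhcp snooping trust$", body)}

def snooped_vlans(config):
    """Expand 'ip dhcp snooping vlan 10,20-30' lists into a set of VLAN ids."""
    out = set()
    for vlan_list in re.findall(r"(?m)^ip dhcp snooping vlan ([\d,-]+)$", config):
        for part in vlan_list.split(","):
            lo, _, hi = part.partition("-")
            out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config, vlan, allowed_trusted):
    """Return a list of findings; allowed_trusted = ports facing the DHCP server path."""
    findings = []
    if not re.search(r"(?m)^ip dhcp snooping$", config):
        findings.append("snooping not enabled globally")
    if vlan not in snooped_vlans(config):
        findings.append(f"vlan {vlan} not snooped")
    if not re.search(r"(?m)^ip dhcp snooping database \S+", config):
        findings.append("no binding database configured")
    trusted = trusted_ports(config)
    findings += [f"unexpected trusted port {p}" for p in sorted(trusted - allowed_trusted)]
    findings += [f"expected trusted port {p} is untrusted" for p in sorted(allowed_trusted - trusted)]
    return findings
```

A trusted access port is the finding that matters most: a rogue server plugged in there bypasses snooping entirely. An untrusted uplink or router port makes the switch drop legitimate DHCP replies.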