Differences between revisions 1 and 2

Cisco DHCP Snooping

Cisco switch listens to dhcp traffic and protects against rogue DHCP servers.
Links
- http://packetpushers.net/ccnp-studies-configuring-dhcp-snooping/
Example - for 48 port switch with uplinks on 49-51 and router with ip helper on 1 and pc's in vlan 64

ip dhcp snooping 
ip dhcp snooping vlan 64     
ip dhcp snooping information option format remote-id hostname 
ip dhcp snooping database flash:dhcp-snooping-info

int range Gig 1/0/49-52 , Gig 1/0/1                            
ip dhcp snooping trust

Monitor with

sh ip dhcp snooping
sh ip dhcp snooping binding 
sh ip dhcp snooping database

For more security add Source Guard, limiting traffic to valid dhcp configured devices on a per port basis
- ip verify source vlan dhcp-snooping

-  ⇤ ← Revision 1 as of 2015-01-05 14:57:49 → 
  Size: 595
  Editor: PieterSmit
  Comment: Create page.
+   ← Revision 2 as of 2015-01-05 15:34:32 → ⇥
  Size: 879
  Editor: PieterSmit
  Comment: Add SourceGuard Info.
-Deletions are marked like this.
+Additions are marked like this.
 Line 5:
+ * Links
   * http://packetpushers.net/ccnp-studies-configuring-dhcp-snooping/
-Line 10:
+Line 12:
+ip dhcp snooping database flash:dhcp-snooping-info
-Line 14:
+Line 16:
-}}}\
+}}}
-Line 21:
+Line 23:
+ * For more security add Source Guard, limiting traffic to valid dhcp configured devices on a per port basis
   *  ip verify source vlan dhcp-snooping