Revision 1 as of 2015-01-05 14:57:49
595
Comment: Create page.
Revision 2 as of 2015-01-05 15:34:32
879
Add SourceGuard Info.
Line 5: | Line 5: |
* Links * http://packetpushers.net/ccnp-studies-configuring-dhcp-snooping/ |
|
Line 10: | Line 12: |
ip dhcp snooping database flash:dhcp-snooping-info | |
Line 14: | Line 16: |
}}}\ | }}} |
Line 21: | Line 23: |
* For more security add Source Guard, limiting traffic to valid dhcp configured devices on a per port basis * ip verify source vlan dhcp-snooping |
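Review bot: The added Source Guard bullet gives "ip verify source vlan dhcp-snooping" with no interface context, although the text says it applies on a per port basis. Suggest showing it under an "int range" for the untrusted access ports, the same way the snooping example shows "ip dhcp snooping trust" under the uplink range, and stating that only devices with a DHCP-learned address pass, since the bullet describes the filter as limiting traffic to valid dhcp configured devices.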
Cisco DHCP Snooping
- A Cisco switch listens to DHCP traffic and protects against rogue DHCP servers.
- Links
  - http://packetpushers.net/ccnp-studies-configuring-dhcp-snooping/
Example: a 48-port switch with uplinks on ports 49-51, a router with ip helper on port 1, and PCs in VLAN 64
{{{
! Enable DHCP snooping globally and on VLAN 64
ip dhcp snooping
ip dhcp snooping vlan 64
ip dhcp snooping information option format remote-id hostname
! Keep the binding table in flash
ip dhcp snooping database flash:dhcp-snooping-info
! Trust the uplinks and the router port
int range Gig 1/0/49-52 , Gig 1/0/1
 ip dhcp snooping trust
}}}
- Monitor with
{{{
sh ip dhcp snooping
sh ip dhcp snooping binding
sh ip dhcp snooping database
}}}
- For more security, add Source Guard, which limits traffic to valid DHCP-configured devices on a per-port basis
  - ip verify source vlan dhcp-snooping
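
One way to check a saved running-config against the setup described above, as an added Python example that is not part of the original wiki page. The `audit` function, the sample configuration and the set of expected trusted ports are all assumptions made for illustration.

```python
import re

# Constructed running-config excerpt (not from a real device), modelled on the
# page's layout: router on Gi1/0/1, uplink on Gi1/0/49, PCs in VLAN 64.
SAMPLE_CONFIG = """\
ip dhcp snooping vlan 64
ip dhcp snooping
interface GigabitEthernet1/0/1
 ip dhcp snooping trust
interface GigabitEthernet1/0/2
 switchport access vlan 64
 ip verify source vlan dhcp-snooping
interface GigabitEthernet1/0/3
 switchport access vlan 64
interface GigabitEthernet1/0/4
 switchport access vlan 64
 ip dhcp snooping trust
interface GigabitEthernet1/0/49
 ip dhcp snooping trust
"""

def audit(config, vlan, expected_trusted):
    """Return sorted (where, finding) pairs for one snooped access VLAN."""
    ports, cur = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            cur = ports.setdefault(line.split()[1], [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())      # line inside an interface stanza
        else:
            cur = None                    # back at global configuration level
    found = []
    if not re.search(r"^ip dhcp snooping$", config, re.M):
        found.append(("global", "snooping not enabled"))
    vlans = set()
    for spec in re.findall(r"^ip dhcp snooping vlan ([\d,-]+)$", config, re.M):
        for part in spec.split(","):      # expand lists such as 64,70-72
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    if vlan not in vlans:
        found.append(("global", f"vlan {vlan} not snooped"))
    for name, cfg in ports.items():
        trusted = "ip dhcp snooping trust" in cfg
        if trusted != (name in expected_trusted):
            found.append((name, "unexpected trust" if trusted else "uplink not trusted"))
        guarded = any(c.startswith("ip verify source") for c in cfg)
        if f"switchport access vlan {vlan}" in cfg and not trusted and not guarded:
            found.append((name, "no Source Guard"))
    return sorted(found)
```

On the sample, port 3 is reported for missing Source Guard and port 4 for a trust setting on a port that is not a known uplink or router port.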