From the course: Cisco Network Security: Secure Routing and Switching


Implement DHCP snooping


- [Instructor] On a network, DHCP clients should only accept IP addresses from authorized DHCP servers. DHCP snooping prevents unauthorized, untrusted DHCP servers from offering IP addresses. Rogue DHCP servers are used in man-in-the-middle attacks. But this can also occur if someone activates a rogue DHCP server by plugging in a consumer-grade router. DHCP snooping on a switch works with IP Source Guard and Dynamic ARP Inspection. DHCP snooping works on a concept of trusted ports and untrusted ports. Trusted ports are interfaces that connect to authorized DHCP servers and switch uplinks. Untrusted ports are user access ports. DHCP snooping stores values in a database that contains client MAC addresses, assigned IP addresses, lease time, VLANs, and switchport. DHCP snooping drops unacceptable DHCP traffic, which can include untrusted DHCP server traffic, an invalid MAC address or even a DHCP release. And that would be someone trying to get a client to give up their IP…
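
The filtering decisions described in the transcript, as an added example that is not part of the course material: a simplified Python model of a snooping switch, not Cisco's implementation. The port names, MAC addresses and IP addresses are constructed, and the class and function names are hypothetical.

```python
from collections import namedtuple

SERVER_MSGS = {"OFFER", "ACK", "NAK"}   # only a DHCP server sends these
# Fields the snooping database stores for each client
Binding = namedtuple("Binding", "mac ip lease_s vlan port")

class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}               # (vlan, MAC) -> port of outstanding request
        self.bindings = {}              # (vlan, MAC) -> Binding

    def inspect(self, port, vlan, msg, src_mac, chaddr, yiaddr=None, lease_s=0):
        """Return (verdict, reason) for one DHCP message received on `port`."""
        key = (vlan, chaddr)
        if port in self.trusted:
            if msg == "ACK" and key in self.pending:   # learn from authorized server
                self.bindings[key] = Binding(chaddr, yiaddr, lease_s, vlan,
                                             self.pending.pop(key))
            return ("forward", "trusted port")
        if msg in SERVER_MSGS:
            return ("drop", "server message on untrusted port")
        if src_mac != chaddr:
            return ("drop", "source MAC differs from client hardware address")
        bound = self.bindings.get(key)
        if msg in ("RELEASE", "DECLINE") and bound and bound.port != port:
            return ("drop", "release/decline from a port other than the bound one")
        if msg == "RELEASE":
            self.bindings.pop(key, None)
        elif msg in ("DISCOVER", "REQUEST"):
            self.pending[key] = port
        return ("forward", "client message accepted")

def run_demo():
    """Constructed traffic: uplink Gi0/1 is trusted, Fa0/5 and Fa0/9 are access ports."""
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"})
    a, srv, rogue = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:fe", "aa:aa:aa:aa:aa:99"
    steps = [
        ("Fa0/5", 10, "DISCOVER", a, a),
        ("Fa0/9", 10, "OFFER", rogue, a, "192.0.2.50"),        # rogue server
        ("Fa0/5", 10, "REQUEST", a, a),
        ("Gi0/1", 10, "ACK", srv, a, "192.0.2.20", 86400),     # authorized server
        ("Fa0/9", 10, "DISCOVER", rogue, a),                   # MAC mismatch
        ("Fa0/9", 10, "RELEASE", a, a),                        # forged release
        ("Fa0/5", 10, "RELEASE", a, a),                        # genuine release
    ]
    return [sw.inspect(*s)[0] for s in steps], sw.bindings
```

The forged release passes the MAC check because the sender spoofs the client's address; it is the port recorded in the binding that exposes it.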
