Skip to main content

DHCP Snooping

Unit: 9 Lesson: 4

i need a soviet grade wiretap for spying on the white house in the form of a trojan horse

This was implemented as a feature on Cisco routers and switches to inspect the layer 2 Dynamic-Host-Configuration-Protocol traffic traversing a network for two very important security protocols: IP Source Guard and Dynamic ARP Inspection.

Configuration

  • conf t Enable configuration mode.
  • ip dhcp snooping Enable DHCP snooping.
  • ip dhcp snooping vlan 1 Enable DHCP snooping for VLANs.
  • ip arp inspection vlan 1 Enable ARP inspection for VLANs.
  • interface f0/1 Enter configuration mode for a trusted interface (e.g. the real DHCP server for your network)
  • ip dhcp snooping trust Set the interface as a trusted interface for DHCP snooping. (All interfaces are untrusted by default)

#Netplus

Back to top