DHCP Snooping

An important part of passing the Cisco CCNP BCMSN exam and protecting your network from intruders is to recognize that even everyday protocols and services can work against us once that intruder is in our network.

It may be hard to believe, but something as innocent as DHCP can actually lead to trouble for your network. When a host sends out a DHCPDiscover packet, it listens for DHCPOffer packets - and accepts the first Offer it gets!

Part of that DHCPOffer is the address to which the host should set its default gateway. What if a DHCP server that does not belong on our network - a rogue DHCP server - is placed on that subnet?

If that host uses the DHCPOffer from the rogue server, the host could end up using the rogue server as its default gateway or DNS server!

We can prevent this with DHCP Snooping. DHCP Snooping classifies interfaces as either trusted or untrusted.

DHCP messages received on trusted interfaces will be permitted to pass through the switch, but DHCP messages received on an untrusted interface result in the interface itself being placed into the err-disabled state.

By default, the switch considers all ports untrusted - which means we had better remember to configure the switch to trust some ports when we enable DHCP Snooping!

First, we need to enable DHCP Snooping on the entire switch:

SW1(config)#ip dhcp snooping

To enable DHCP Snooping for a particular VLAN, use the ip dhcp snooping vlan command.

SW1(config)#ip dhcp snooping vlan 4

Ports can then be configured as trusted with the ip dhcp snooping trust command.

SW1(config-if)#ip dhcp snooping trust
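
A quick way to check a switch configuration for the three steps above, as an added example that is not part of the original tutorial: the Python function below parses an IOS-style running-config and reports a missing global enable, VLAN enable or trusted port. The sample config, the interface names and the function name audit_dhcp_snooping are constructed for illustration.

```python
import re

# Constructed sample running-config for illustration (not from the article).
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 4
!
interface FastEthernet0/1
 description port facing the legitimate DHCP server
 ip dhcp snooping trust
!
interface FastEthernet0/2
 switchport access vlan 4
!
"""

def audit_dhcp_snooping(config):
    """Check an IOS-style config for the three DHCP Snooping steps."""
    global_on, vlans, trusted, current_if = False, [], [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current_if = line.split(None, 1)[1]
        elif not raw.startswith(" "):
            current_if = None  # any other top-level line ends interface mode
        if line == "ip dhcp snooping":
            global_on = True
        elif m := re.fullmatch(r"ip dhcp snooping vlan (\S+)", line):
            vlans.append(m.group(1))
        elif line == "ip dhcp snooping trust" and current_if:
            trusted.append(current_if)
    findings = []
    if not global_on:
        findings.append("snooping not enabled globally: add 'ip dhcp snooping'")
    if not vlans:
        findings.append("no VLAN enabled: add 'ip dhcp snooping vlan <id>'")
    if global_on and vlans and not trusted:
        findings.append("no trusted port: every port is untrusted by default, "
                        "so trust the port facing the legitimate DHCP server")
    return {"vlans": vlans, "trusted": trusted, "findings": findings}

if __name__ == "__main__":
    report = audit_dhcp_snooping(SAMPLE_CONFIG)
    print("VLANs:", report["vlans"], "trusted ports:", report["trusted"])
    for finding in report["findings"] or ["no findings"]:
        print("-", finding)
```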

There are other options available with DHCP Snooping, and we'll look at some of those in a future tutorial. DHCP Snooping is an important topic for your CCNP BCMSN exam, and it's just as important in real-world networks!

About the Author:
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNA and CCNP tutorials! Pass the CCNA exam with Chris Bryant!

