Thursday, February 17, 2011

notes: DHCP Snooping and IP Source Guard

DHCP Snooping

- DHCP snooping is a feature that provides network security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding database.
- It acts like a firewall between untrusted hosts and DHCP servers.
- DHCP snooping lets you differentiate between untrusted interfaces (connected to end users) and trusted interfaces (connected to the DHCP server or to another switch).

enable snooping globally, then on the VLAN(s) to protect:

ip dhcp snooping

ip dhcp snooping vlan #

interface command:

interface FastEthernet 0/1
ip dhcp snooping trust
ip dhcp snooping limit rate 200


IP Source Guard

- IP Source Guard is a Catalyst security feature related to DHCP snooping.
- IP source guard helps prevent IP spoofing by enabling only the IP addresses obtained through DHCP snooping on a particular port. When a client receives an IP address from the authorized DHCP server, a port access control list (PACL) is installed on the port. This PACL enables traffic in the interface if it is sourced from the DHCP provided IP address.

interface command (applied under the port to be guarded; the command is not valid in global configuration mode):

ip verify source vlan dhcp-snooping port-security
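To make the two mechanisms concrete, here is a small Python model (added to these notes, not Cisco code) of the per-port decisions a switch makes: drop DHCP server messages arriving on untrusted ports, enforce the DHCP rate limit, learn bindings from ACKs seen on the trusted port, and let IP Source Guard forward only packets whose source IP/MAC/port match a binding. The interface names, MACs and addresses are constructed for the demo.

```python
from dataclasses import dataclass
SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # only a DHCP server sends these

@dataclass
class Port:
    name: str
    trusted: bool = False      # 'ip dhcp snooping trust'
    rate_limit: int = 0        # 'ip dhcp snooping limit rate N' (0 = none)
    source_guard: bool = False # 'ip verify source ... port-security'
    dhcp_seen: int = 0         # DHCP packets counted in this interval

class Switch:
    def __init__(self, *ports):
        self.ports = {p.name: p for p in ports}
        self.bindings = {}  # ip -> (mac, client port): snooping database
        self.requests = {}  # client mac -> untrusted port it asked from

    def dhcp(self, port_name, msg, mac, ip=None):
        """Decide 'forward' or 'drop' for a DHCP message seen on a port."""
        p = self.ports[port_name]
        p.dhcp_seen += 1
        if not p.trusted and p.rate_limit and p.dhcp_seen > p.rate_limit:
            return "drop"  # rate limit hit (a real switch err-disables the port)
        if msg in SERVER_MSGS and not p.trusted:
            return "drop"  # rogue server: server message on an untrusted port
        if msg in ("DISCOVER", "REQUEST"):
            self.requests[mac] = port_name
        elif msg == "ACK" and mac in self.requests:
            self.bindings[ip] = (mac, self.requests[mac])  # learn the binding
        return "forward"

    def ip_packet(self, port_name, src_mac, src_ip):
        """IP Source Guard: forward only traffic that matches a binding."""
        if not self.ports[port_name].source_guard:
            return "forward"
        return "forward" if self.bindings.get(src_ip) == (src_mac, port_name) else "drop"

def demo():
    sw = Switch(Port("Gi0/24", trusted=True),  # uplink toward the DHCP server
                Port("Fa0/1", rate_limit=200, source_guard=True),
                Port("Fa0/2", rate_limit=200, source_guard=True))
    sw.dhcp("Fa0/1", "DISCOVER", "aa:aa:aa:aa:aa:01")
    sw.dhcp("Gi0/24", "ACK", "aa:aa:aa:aa:aa:01", "10.0.0.10")
    return {
        "rogue_offer": sw.dhcp("Fa0/2", "OFFER", "bb:bb:bb:bb:bb:02", "10.0.0.99"),
        "client_ok": sw.ip_packet("Fa0/1", "aa:aa:aa:aa:aa:01", "10.0.0.10"),
        "spoofed_ip": sw.ip_packet("Fa0/1", "aa:aa:aa:aa:aa:01", "10.0.0.50"),
        "spoofed_mac": sw.ip_packet("Fa0/1", "cc:cc:cc:cc:cc:03", "10.0.0.10"),
        "wrong_port": sw.ip_packet("Fa0/2", "aa:aa:aa:aa:aa:01", "10.0.0.10"),
    }
```

`demo()` returns the verdict for each case; only the legitimate client's traffic on its own port is forwarded.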
