An important part of passing the Cisco CCNP BCMSN exam and protecting the network from intrusions is recognizing that the protocols and services we use every day can be used against us by someone who has intruded into our network.
It can be hard to believe, but something as innocent as DHCP can actually cause problems for the network. When a host sends a DHCPDISCOVER packet, it listens for DHCPOFFER packets - and accepts the first offer it gets!
Part of that DHCPOFFER is the address that the host should set as its default gateway. What happens if a DHCP server that is not part of our network - a rogue DHCP server - is placed on that subnet?
If the host uses the DHCPOFFER from the rogue server, the host could end up using the rogue server as its default gateway or DNS server!
We can prevent this with DHCP snooping. DHCP snooping classifies each interface as trusted or untrusted.
DHCP messages received on trusted interfaces will be allowed through the switch, but DHCP messages received on an untrusted interface result in the interface itself being put into err-disabled state.
By default, the switch considers all ports untrusted - which means we had better remember to configure the switch to trust some ports when we enable DHCP snooping!
First, we need to enable DHCP snooping on the entire switch:
SW1(config)# ip dhcp snooping
To enable DHCP snooping on a specific VLAN, use the ip dhcp snooping vlan command.
SW1(config)# ip dhcp snooping vlan 4
Ports can be configured as trusted with the ip dhcp snooping trust command.
SW1(config-if)# ip dhcp snooping trust
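One way to check a saved switch configuration against the three commands above, as an added example that is not part of the original article: this Python script reads IOS-style configuration text and reports the trusted ports, a missing trusted port, and any access port whose VLAN is not covered by DHCP snooping. The sample configuration, the interface names and VLAN 5 are constructed for illustration.

```python
import re

# Constructed sample config (not from the article); interface names and VLAN 5 are assumptions.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 4
!
interface FastEthernet0/1
 switchport access vlan 4
 ip dhcp snooping trust
!
interface FastEthernet0/3
 switchport access vlan 5
"""

def parse_vlans(spec):
    # Expand a VLAN list such as "4,10-12" into a set of integers.
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_dhcp_snooping(config):
    """Return (trusted_ports, findings) for IOS-style configuration text."""
    enabled, vlans, trusted, access_vlan, port = False, set(), [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            port = line.split(None, 1)[1]
        elif not raw.startswith(" "):
            port = None  # an unindented line ends the interface context
        if port is None and line == "ip dhcp snooping":
            enabled = True
        elif port is None and (m := re.fullmatch(r"ip dhcp snooping vlan ([\d,-]+)", line)):
            vlans |= parse_vlans(m.group(1))
        elif port and line == "ip dhcp snooping trust":
            trusted.append(port)
        elif port and (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            access_vlan[port] = int(m.group(1))
    findings = []
    if not enabled:
        findings.append("DHCP snooping is not enabled globally")
    if enabled and not trusted:
        findings.append("no port is configured with ip dhcp snooping trust")
    for p, v in access_vlan.items():
        if v not in vlans:
            findings.append(f"{p}: access VLAN {v} is not covered by DHCP snooping")
    return trusted, findings
```

Calling audit_dhcp_snooping(SAMPLE_CONFIG) returns FastEthernet0/1 as the only trusted port and one finding for FastEthernet0/3, whose VLAN 5 was never named in an ip dhcp snooping vlan command.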
There are other options available with DHCP snooping, and we'll see some of these in a future tutorial. DHCP snooping is an important topic for the CCNP BCMSN exam, and it is equally important in real-world networks - so get familiar with it for both the exam room and the network room!