DHCP snooping

tonyp8581
Level 1

Hi,

I'm planning to enable DHCP snooping. Recently, I did some reading on the subject. There is one thing that I'm not sure about.

My network consists of several remote sites, all linked through an MPLS network.

I have a primary and a secondary DHCP server, which are found in the IT center. The first thing I need to trust is both ports that have the DHCP servers connected.

My question is: do I need to trust all my uplink ports (trunk ports) that are located in my remote sites to let the DHCPoffer come through?

Thanks

5 Replies

stephen.stack
Level 4

Hi Tony,

When configuring DHCP snooping on switches on your network, you must configure all trunk ports as DHCP trusted ports. This will allow the DHCPoffer and ACK packets to pass.

HTH, Please rate posts if it does.

Regards

Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful

Hi Stephen,

Thanks for your answer.

Regards

Hi,

DHCP snooping really require to configure this feature.

In my view, DHCP snooping will be used not to trust other DHCP servers in the network.

But if a company has a Windows 2003 environment, the DHCP server will not work until they give permissions.

Please suggest.

Hi,

An attacker could act from the DHCP server subnet and could reply to a DHCP server request. The reply may also contain itself as the gateway, hence all traffic would be forwarded to him.

The legitimate DHCP servers are put on trusted ports and all hosts on untrusted ports. A trusted port is the interface where only the replies are expected, so any replies coming from untrusted ports are discarded. Replies from ports are matched with the DHCP binding table, which has all the info about the IP, MAC, etc., and hence they are kept track of.
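
Added example, not part of the original thread or any poster's code: a simplified Python model of the trusted/untrusted port check and the binding table described in the replies above, showing what happens at a remote-site switch when its uplink is or is not trusted. The class, port names, MAC and IP values are constructed for illustration and are not Cisco's implementation.

```python
# Simplified model of a switch's DHCP snooping decision (illustrative only).
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}      # only a DHCP server should send these
CLIENT_MSGS = {"DISCOVER", "REQUEST", "RELEASE", "DECLINE"}

@dataclass
class SnoopingSwitch:
    trusted_ports: set
    bindings: dict = field(default_factory=dict)   # client MAC -> (IP, access port)
    pending: dict = field(default_factory=dict)    # client MAC -> port it asked from

    def receive(self, port, msg_type, client_mac, ip=None):
        """Return 'forward' or 'drop' for a DHCP message arriving on `port`."""
        trusted = port in self.trusted_ports
        if msg_type in SERVER_MSGS:
            if not trusted:
                return "drop"                      # server reply on an untrusted port
            if msg_type == "ACK" and client_mac in self.pending:
                self.bindings[client_mac] = (ip, self.pending.pop(client_mac))
            return "forward"
        if msg_type in CLIENT_MSGS and not trusted:
            if msg_type in {"DISCOVER", "REQUEST"}:
                self.pending[client_mac] = port
            else:  # RELEASE/DECLINE must arrive on the port that holds the lease
                bound = self.bindings.get(client_mac)
                if bound is not None and bound[1] != port:
                    return "drop"
                self.bindings.pop(client_mac, None)
        return "forward"

def remote_site_demo(uplink_trusted):
    """Constructed scenario: client on Gi0/5, DHCP servers reached via uplink Gi0/1."""
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"} if uplink_trusted else set())
    mac = "aa:bb:cc:00:00:01"                      # constructed sample values
    results = [
        sw.receive("Gi0/5", "DISCOVER", mac),
        sw.receive("Gi0/1", "OFFER", mac, "10.1.1.50"),
        sw.receive("Gi0/5", "REQUEST", mac),
        sw.receive("Gi0/1", "ACK", mac, "10.1.1.50"),
        sw.receive("Gi0/7", "OFFER", mac, "10.1.1.99"),   # reply from an access port
        sw.receive("Gi0/7", "RELEASE", mac),              # release from the wrong port
    ]
    return results, sw.bindings
```

With the uplink untrusted, the legitimate OFFER and ACK are dropped at the remote switch and no binding is ever learned, which is the failure the original question asks about.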

Hi,

Thanks for all your help, I got this working properly.
