11-27-2007 06:43 AM - edited 03-03-2019 07:41 PM
Hi,
I'm planning to enable DHCP snooping. Recently, I did some reading on the subject. There is one thing that I'm not sure about.
My network consists of several remote sites, all linked through an MPLS network.
I have a primary and a secondary DHCP server, which are found in the IT center. The first thing I need to trust is both ports that have the DHCP servers connected.
My question is: do I need to trust all my uplink ports (trunk ports) that are located in my remote sites to let the DHCPOFFER come through?
thx
11-30-2007 08:47 AM
Hi Tony,
When configuring DHCP snooping on switches on your network, you must configure all trunk ports as DHCP trusted ports. This will allow the DHCPOFFER and ACK packets to pass.
HTH, Please rate posts if it does.
Regards
Stephen
11-30-2007 10:15 AM
Hi Stephen,
thx for your answer.
Regards
12-02-2007 08:02 PM
Hi,
DHCP snooping really requires configuring this feature.
In my view, DHCP snooping will be used to not trust other DHCP servers in the network.
But if companies have a Windows 2003 environment, the DHCP server will not work until they give permissions.
Please suggest.
12-02-2007 08:14 PM
Hi,
An attacker could act from the DHCP server subnet and could reply to a DHCP server request. The reply may also contain itself as the gateway, hence all traffic would be forwarded to him.
The legitimate DHCP servers are put on trusted ports and all hosts on untrusted ports. A trusted port is the interface where only the replies are expected. So any replies coming from untrusted ports are discarded. Replies from ports are matched with the DHCP binding table, which has all the info about the IP, MAC etc., and hence a track is kept.
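
The trusted/untrusted port behaviour discussed in this thread, as an added Python model that is not part of any post and is not switch or vendor code. It is a simplification, and the port names, MAC address and IP addresses are constructed sample values.

```python
# Simplified model of a switch's DHCP snooping decision (illustration, not vendor code).
SERVER_MSGS = {"OFFER", "ACK", "NAK"}

class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}    # client MAC -> access port where its request arrived
        self.bindings = {}   # client MAC -> (leased IP, access port)

    def receive(self, port, msg_type, client_mac, ip=None):
        """Return 'forward' or 'drop' for one DHCP message arriving on `port`."""
        if msg_type in SERVER_MSGS:
            if port not in self.trusted:
                return "drop"              # server reply seen on an untrusted port
            if msg_type == "ACK" and client_mac in self.pending:
                self.bindings[client_mac] = (ip, self.pending.pop(client_mac))
            return "forward"
        if port in self.trusted:
            return "forward"               # client traffic on trusted ports is not filtered
        if msg_type in ("DISCOVER", "REQUEST"):
            self.pending[client_mac] = port
            return "forward"
        if msg_type in ("RELEASE", "DECLINE"):
            bound = self.bindings.get(client_mac)
            return "forward" if bound and bound[1] == port else "drop"
        return "drop"

def run(trusted_ports, events):
    """Replay events through a fresh switch; return (verdicts, binding table)."""
    sw = SnoopingSwitch(trusted_ports)
    return [sw.receive(*e) for e in events], sw.bindings

# Constructed sample: a remote-site access switch, Gi0/1 is the uplink toward the servers.
HOST = "aa:aa:aa:aa:aa:01"
EVENTS = [
    ("Fa0/5", "DISCOVER", HOST),
    ("Fa0/9", "OFFER", HOST, "10.0.0.66"),   # reply from a host on an access port
    ("Gi0/1", "OFFER", HOST, "10.1.1.20"),   # reply arriving over the uplink
    ("Fa0/5", "REQUEST", HOST),
    ("Gi0/1", "ACK", HOST, "10.1.1.20"),
    ("Fa0/7", "RELEASE", HOST),              # release sent from a port that does not hold the lease
]

if __name__ == "__main__":
    print(run(["Gi0/1"], EVENTS))   # uplink trusted
    print(run([], EVENTS))          # uplink left untrusted: server replies never reach the host
```
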
12-03-2007 08:05 AM
Hi,
Thx for all your help, I got this working properly.