DHCP Snooping

sherif.girgis
Level 1

Hi All

I have a network that contains more than 4000 nodes, and I use Cisco switches and routers in my network as well as other non-manageable switches like D-Link, Linksys, etc.

I have the problem of ARP spoofing in my network, so I decided to use the DHCP Snooping feature on the Cisco switches to fix this problem, but my network also contains non-manageable switches. Can anyone tell me how to use the DHCP Snooping feature in a network containing Cisco and non-Cisco switches?

I know how to configure DHCP Snooping on Cisco switches, but I want to know how to use it with other switches.

All the network runs behind a PIX.

Please help me with this.

4 Replies

j.jeater
Level 1

Hi,

Firstly, you need to run Dynamic ARP Inspection and maybe IP Source Guard, which usually work with DHCP Snooping.

You have to set the interface to untrusted and manually build ARP ACLs. It sounds horrible and I'm glad I've managed to avoid it up until now.

Here's the section from the 3750 manual:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/configuration/guide/swdynarp.html#wp1038489

Hope this helps.

Jim.

Hi Jim

Thanks for your reply, but not all the switches in my network are manageable Cisco switches, so can I still use DHCP Snooping on the main Cisco switches, and will this fix the problem or will the problem still exist in the lower level of the network?

Hope you got what I mean.

Thanks for your help

Hi,

It will exist on the unmanaged switches, but you can limit it on the Ciscos.

Hi Jim

Thanks for your reply. I just wanted to know if the problem will still exist on the unmanaged switches.

Thanks for your help
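
The pieces named in the replies above (DHCP Snooping, Dynamic ARP Inspection with a manually built ARP ACL, and IP Source Guard) on a Catalyst access switch with an unmanaged switch on a downlink, as an added example that is not part of the original thread. VLAN 10, the interface names, the ACL name, the rate value and the IP/MAC pair are constructed placeholders.

```cisco
! Added example: VLAN 10, interface names, ACL name, rate value and the
! IP/MAC pair are constructed placeholders, not values from the thread.
!
! Build the DHCP binding table that DAI and IP Source Guard validate against.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Validate ARP packets received on VLAN 10 against the snooping bindings.
ip arp inspection vlan 10
!
! Statically addressed hosts have no DHCP binding, so list them in an ARP ACL.
arp access-list STATIC-HOSTS
 permit ip host 192.0.2.10 mac host 0000.5e00.5301
!
ip arp inspection filter STATIC-HOSTS vlan 10
!
! IP Source Guard needs its own static binding for the same host.
ip source binding 0000.5e00.5301 vlan 10 192.0.2.10 interface GigabitEthernet1/0/10
!
! Uplink toward the DHCP server: trusted for both features.
interface GigabitEthernet1/0/1
 description Uplink toward DHCP server
 ip dhcp snooping trust
 ip arp inspection trust
!
! Downlink to an unmanaged switch: left untrusted (the default).
! Many hosts share this port, and the default untrusted ARP limit of 15 pps
! can put it into err-disable, so the limit is raised here.
interface GigabitEthernet1/0/10
 description Downlink to unmanaged switch
 ip arp inspection limit rate 100
 ip verify source
```

ARP frames exchanged between two hosts on the same unmanaged switch never cross Gi1/0/10, so this configuration inspects only what reaches the Cisco port.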