- Bronze, 100 points or more
<p>Hi every body!</p>
<p>Let say we have a switch which is configured with dhcp snooping anf ip source guard.</p>
<p> dhcp server-------sw f0/1------------h1</p>
<p>Let say hi sends dhcp reques message and get an ip1 assigned. Dhcp snooping database was updated accordingly with the entry</p>
<p>mac 1 ip1 f0/1</p>
<p>Now i replace the h1 and plug in hub to f0/1.</p>
<p>h1 and h2(another host0 is connected to hub.</p>
<p>h2 sends the dhcp req now what would happen?</p>
<p>Will ip source guard feature kick in?</p>
<p>Thanks a lot!</p>
Just i got a chance to view your forum.
You mention that if DHCP snooping & IP Source guard is enabled in the switch, only the traffic matching the rule or binding is allowed.
But the fact is in ip source guard enabled switch in any condition the IP traffic is blocked except for the following:
1. DHCP packets, which DHCP snooping inspects and then forward
2. IP traffic from static ip source entries that you have configured.
Kindly let me know if you have difference of opinion
When (IP Source-Guard) is enabled, the Switch Creats Port Access-list and filters or IP traffic coming to the interface.
Only the traffic Source by the DHCP which are in the DHCP binding database are allowed.