Cisco Support Community

DHCP Snooping to prevent rogue attacks

Existing configuration:

CORE SWITCH 1

interface Vlan 3

ip address 10.62.252.252 255.255.255.0

ip address 100.179.22.252 255.255.255.0 secondary

ip helper-address 10.62.252.5  <local dhcp server>

ip helper-address 10.66.10.10  <located in remote site>

CORE SWITCH 2

interface Vlan 3

ip address 10.62.252.253 255.255.255.0

ip address 100.179.22.253 255.255.255.0 secondary

ip helper-address 10.62.252.5

ip helper-address 10.66.10.10


Proposed Configuration:

For the attached topology, I wanted to enable DHCP snooping to prevent rogue DHCP attacks.

Access Switch 1 to 5:


AccessSwitch(config)# ip dhcp snooping

AccessSwitch(config)# ip dhcp snooping vlan 3

Under all the uplinks:

AccessSwitch(config-if)# ip dhcp snooping trust

Core\Distribution Switch 1 and 2:

CoreSwitch1(config)# Interface fa 0/1

CoreSwitch1(config-if)# ip dhcp snooping trust

CoreSwitch1(config)# ip dhcp snooping

CoreSwitch1(config)# ip dhcp snooping vlan 3

CoreSwitch1(config)# int vlan 3

CoreSwitch1(config-if)# ip dhcp relay information trusted

CoreSwitch1(config)# interface po 1

CoreSwitch1(config-if)# ip dhcp snooping trust

CoreSwitch2(config)# ip dhcp snooping

CoreSwitch2(config)# ip dhcp snooping vlan 3

CoreSwitch2(config)# int vlan 3

CoreSwitch2(config-if)# ip dhcp relay information trusted

CoreSwitch2(config)# interface po 1

CoreSwitch2(config-if)# ip dhcp snooping trust

and enable trust on the uplinks from core to access switches.

Now, since the secondary DHCP server is at the remote site and has to be reached over the WAN cloud, should I enable trust on the uplinks to my MPLS and DSL routers as well?

I wanted to know if any changes or additional configuration are required.

Regards Vinayak

Re: DHCP Snooping to prevent rogue attacks

Also, should I enable ip dhcp snooping information option allow-untrusted on core switches 1 and 2?

Regards Vinayak