I have some confusion about DHCP snooping and the mechanism by which it works. Let's assume the diagram below: I have a DHCP server connected to a distribution switch, and one client is directly connected to the switch.
How will DHCP snooping authenticate all users in one VLAN? What I do not understand is, if we have already enabled DHCP snooping and trust, how will the switch know that all PCs connected to the switch are trusted PCs? And what if I have a new PC connected to the switch; how will it authenticate the new users?
What I understand is:
If I have 150 users in one VLAN, once I enable DHCP snooping, the service will start collecting all IP addresses currently directly connected to the switch, right?
If we have new users, can we bind them manually?
How does the switch authenticate the DHCP link (DHCP snooping trust) which is directly connected to the DHCP server?
Regarding the scenario depicted, you have to make fa 0/1 ip dhcp snooping trust. All the other links are assumed to be untrusted. DHCP snooping has nothing to do with authenticating users and permitting specific IPs that are in its binding table. If you want this, you should enable the IP source feature. DHCP snooping simply does not permit DHCP offer messages from untrusted ports, so that it eliminates the possibility of a rogue DHCP server in your network. In addition to that, it saves the bindings done through the DHCP offer messages it sees. This has no meaning if you do not enable the IP source feature (except that you know the IP addresses given on each port/PC). The switch does not authenticate the messages based on this binding table. For example, if there is a PC on switch port gi 0/5 that has been assigned the IP 220.127.116.11/24 and you then connect another PC with a static IP of 18.104.22.168/24, this PC will communicate and have access normally.
Now, if your clients have already connected and been assigned IP addresses and you then enable the ip dhcp snooping feature, the snooping binding table will start being populated when clients re-ask the DHCP server for an IP address. Keep in mind that the DHCP snooping feature does not inspect actual packets but only DHCP packets.
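The behaviour described in the answer above, as an added Python model that is not part of the original thread and not switch vendor code: server-type DHCP messages are dropped on untrusted ports, a binding is learned when the trusted server's ACK is seen, and data traffic is filtered only when a source-guard check is switched on. The `Switch` class, ports Gi0/6 and Gi0/7, the MAC and the 192.0.2.x addresses are constructed for the illustration; the source-guard check here matches on source IP only.

```python
# Simplified model of DHCP snooping on an access switch (illustrative only).
SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # message types only a DHCP server sends

class Switch:
    def __init__(self, trusted_ports, source_guard=False):
        self.trusted = set(trusted_ports)
        self.source_guard = source_guard
        self.pending = {}   # client MAC -> port its REQUEST arrived on
        self.bindings = {}  # port -> (client MAC, leased IP)

    def dhcp(self, in_port, msg_type, client_mac, ip=None):
        """Handle a snooped DHCP message; return 'forward' or 'drop'."""
        if msg_type in SERVER_MSGS:
            if in_port not in self.trusted:
                return "drop"  # server reply from an untrusted port
            if msg_type == "ACK" and client_mac in self.pending:
                # Lease confirmed by the trusted server: record the binding.
                self.bindings[self.pending.pop(client_mac)] = (client_mac, ip)
        elif msg_type == "REQUEST":
            self.pending[client_mac] = in_port
        return "forward"

    def data(self, in_port, src_ip):
        """Handle ordinary IP traffic; return 'forward' or 'drop'."""
        if in_port in self.trusted or not self.source_guard:
            return "forward"  # snooping alone never filters data packets
        bound = self.bindings.get(in_port)
        return "forward" if bound and bound[1] == src_ip else "drop"

def demo(source_guard):
    """Replay a constructed scenario; Fa0/1 is the trusted uplink to the server."""
    sw = Switch(trusted_ports={"Fa0/1"}, source_guard=source_guard)
    mac_a = "aa:aa:aa:aa:aa:aa"
    results = {}
    results["rogue_offer"] = sw.dhcp("Gi0/7", "OFFER", mac_a, "192.0.2.66")
    sw.dhcp("Gi0/5", "REQUEST", mac_a)
    results["server_ack"] = sw.dhcp("Fa0/1", "ACK", mac_a, "192.0.2.10")
    results["leased_host"] = sw.data("Gi0/5", "192.0.2.10")
    results["static_host"] = sw.data("Gi0/6", "192.0.2.20")  # static IP, no lease
    return results, dict(sw.bindings)

if __name__ == "__main__":
    for sg in (False, True):
        print("source_guard =", sg, demo(sg))
```

With `source_guard=False` the statically addressed host on Gi0/6 is forwarded even though it has no binding; with `source_guard=True` it is dropped, and so would any host that was already online when snooping was enabled, until it renews its lease.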