|
|
Recent Articles |
MCSE Certification: Real Boot Camps And Cheat Camps
A technical training school that provides accelerated instruction leading to MCSE certification is typically referred to as an MCSE boot camp. From my experience, having taught boot camps for five years, the name...
The EIGRP Adjacency
EIGRP is an important part of real-world networking as well as being a major topic
on the 642-901 CCNP BSCI exam. As with any networking topic, before you try to master intermediate and advanced skills, you...
Cisco
CCNA / CCNP Certification: EIGRP And Split...
EIGRP is a major topic for your CCNA and CCNP studies, and one basic skill you'll
need to pass your Cisco certification exams is to identify situations where you
need to enable or disable split horizon. EIGRP commands tend to be a little different than those...
Cisco CCNP / BSCI Exam: Passive Interface Command
To pass the BSCI exam and become a CCNP, you have to be aware of the proper use of passive interfaces. You learned about passive interfaces in your CCNA studies, but here we'll review the basic concept and clear...
Cisco
CCNP / BSCI Exam: OSPF Virtual Links
Knowing when and how to create an OSPF virtual link is an essential skill for
BSCI and CCNP exam success, not to mention how important it can be on your job!
As a CCNA and CCNP candidate, you know the theory...
|
|
 |
|
05.18.07
Cisco CCNP BCMSN 642-812 Certification Exam Tutorial: DHCP Snooping
 By
Chris Bryant
An important part of passing the Cisco CCNP BCMSN exam and protecting your network from intruders is to recognize that even everyday protocols and services can work against us once that intruder is in our network.
It may be hard to believe, but something as innocent as DHCP can actually lead to trouble for your network. When a host sends out a DHCPDiscovery packet, it listens for DHCPOffer packets - and accepts the first Offer it gets!
Part of that DHCPOffer is the address to which the host should set its default gateway. What if a DHCP server that does not belong on our network - a rogue DHCP server - is placed on that subnet?
If that host uses the DHCPOffer from the rogue server, the host could end up using the rogue server as its default gateway or DNS server!
We can prevent this with DHCP Snooping. DHCP Snooping classifies interfaces as either trusted or untrusted.
DHCP messages received on trusted interfaces will be permitted to pass through the switch, but DHCP messages received on untrusted interface result in the interface itself being placed into err-disabled state.
By default, the switch considers all ports untrusted - which means we better remember to configure the switch to trust some ports when we enable DHCP Snooping!
First, we need to enable DHCP Snooping on the entire switch:
SW1(config)#ip dhcp snooping
To enable DHCP Snooping for a particular VLAN, use the ip dhcp snooping command.
SW1(config)#ip dhcp snooping vlan 4
Ports can then be configured as trusted with the ip dhcp snooping trust command.
SW1(config-if)#ip dhcp snooping trust
There are other options available with DHCP Snooping, and we'll look at some of those in a future tutorial. DHCP Snooping is an important topic for your CCNP BCMSN exam, and it's just as important in real-world networks!
About the Author:
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNA and CCNP tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages.
For a FREE copy of his latest e-books, “How To Pass The CCNA” and “How To Pass The CCNP”, visit the website and download your free copies. You can also get FREE CCNA and CCNP exam questions every day! Pass the CCNA exam with The Bryant Advantage!
|
