Security Basics mailing list archives
Re: DHCP Snooping
From: "Dmitry Cherkasov" <doctorchd () gmail com>
Date: Wed, 7 Jun 2006 09:36:06 +0300
6 Jun 2006 19:52:59 -0000, timpacalypse () yahoo com <timpacalypse () yahoo com>:
> I'm looking at deploying DHCP Snooping in our environment. I just want to make sure I've got this straight. We only have 1 DHCP server. So the only port that I need to say is trusted is the one the DHCP Server is connected to, right? I don't want anyone to be able to deploy any rogue DHCP Servers in the network. We are using VLANs, but I don't need to set the trunk ports as trusted, do I?
Probably you need the following:

1) DHCP-server runs on the default router for the customers
2) port-based VLANs are set up on a switch so that router port belongs to any of these VLANs and every customer port belongs to one of them
3) local-proxy-arp on the router
4) dhcp-authorized ARP on the router
5) filter off all BOOTP broadcasts between customers on the router

--
Dmitry Cherkasov
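Added example, not part of the original message or thread: a simplified Python model of the DHCP snooping trust check, showing that a switch which reaches the DHCP server through an uplink drops the server's replies unless that uplink is trusted, while an OFFER from a client port is always dropped. The class, port names, MAC and IP addresses are constructed for illustration; real switches perform further checks.

```python
from dataclasses import dataclass, field

# DHCP message types that only a server should send (option 53, RFC 2132).
SERVER_TYPES = {"OFFER", "ACK", "NAK"}

@dataclass
class SnoopingSwitch:
    trusted: set                                   # ports allowed to carry server replies
    pending: dict = field(default_factory=dict)    # client MAC -> port it asked from
    bindings: dict = field(default_factory=dict)   # client MAC -> (leased IP, port)
    dropped: list = field(default_factory=list)    # (port, type) of discarded frames

    def ingress(self, port, msg_type, client_mac, ip=None):
        """Return True if the frame is forwarded, False if snooping drops it."""
        if msg_type in SERVER_TYPES:
            if port not in self.trusted:
                self.dropped.append((port, msg_type))
                return False
            if msg_type == "ACK" and client_mac in self.pending:
                # Record the lease against the port the client is attached to.
                self.bindings[client_mac] = (ip, self.pending.pop(client_mac))
            return True
        # Client messages are accepted on any port.
        self.pending[client_mac] = port
        return True

def lease_attempt(switch, server_side_port, client_port, mac, ip):
    """Replay one DISCOVER/OFFER/REQUEST/ACK exchange as seen by one switch."""
    switch.ingress(client_port, "DISCOVER", mac)
    switch.ingress(server_side_port, "OFFER", mac, ip)
    switch.ingress(client_port, "REQUEST", mac)
    switch.ingress(server_side_port, "ACK", mac, ip)
    return switch.bindings.get(mac)

# Constructed sample values (documentation address range, made-up port names).
MAC, IP = "02:00:00:00:00:01", "192.0.2.10"

if __name__ == "__main__":
    no_trust = SnoopingSwitch(trusted=set())
    print(lease_attempt(no_trust, "uplink", "port3", MAC, IP), no_trust.dropped)
    with_trust = SnoopingSwitch(trusted={"uplink"})
    print(lease_attempt(with_trust, "uplink", "port3", MAC, IP))
    print(with_trust.ingress("port7", "OFFER", MAC, "192.0.2.66"))
```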