Security Basics mailing list archives

Re: DHCP Snooping


From: "Ivan ." <ivanhec () gmail com>
Date: Thu, 8 Jun 2006 09:11:03 +1000

Hi

I assume you're talking Cisco? If so, check this out

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_13/config/dhcp.htm

cheers
Ivan


On 6/7/06, Sven Édouard <sven_edouard () fastmail co uk> wrote:
>  DHCP Security is ultimately a tricky proposition, keep in mind that
> these communications are sent over UDP, which can be spoofed, therefore,
> what you would need to do is force everyone's configuration to be a
> static one in order to avoid a spoofed response condition.
>
> Also, there is the risk that someone on your network is using the same
> MAC address as another user, and therefore could see all of the traffic
> intended for that user. I think you could cover these cases by deploying
> VLANS but just wanted to bring up these potential issues.
>
> Sven
>
>
>
>
> On 6 Jun 2006 19:52:59 -0000, timpacalypse () yahoo com said:
> > I'm looking at deploying DHCP Snooping in our environment.  I just want
> > to make sure I've got this straight.
> >
> > We only have 1 DHCP server.  So the only port that I need to say is
> > trusted is the one the DHCP Server is connected to, right?  I don't want
> > anyone to be able to deploy any rogue DHCP Servers in the network.  We
> > are using VLANS, but I don't need to set the trunk ports as trusted do I?
> --
>   Sven Édouard
>   sven_edouard () fastmail co uk