Netband Project - DHCP Snooping
From Teknologisk videncenter
								
												
				<accesscontrol>NetBand</accesscontrol> This page is part of the Netband Project
- DHCP snooping is a DHCP security feature that provides network security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding database, also referred to as a DHCP snooping binding table.
- The DHCP snooping bindings are also used by the security features Dynamic Arp Inspection and IP Source Guard.
Configuration
ip dhcp snooping vlan 3,5 ip dhcp snooping information option allow-untrusted ip dhcp snooping ! interface FastEthernet0/1 description HQdc1 ip dhcp snooping trust !
Verification
HQSW1#'''sh ip dhcp snooping binding''' MacAddress IpAddress Lease(sec) Type VLAN Interface ------------------ --------------- ---------- ------------- ---- -------------------- 00:1B:2A:79:5F:53 10.1.2.52 208 dhcp-snooping 5 FastEthernet0/13 00:03:47:C9:9F:AC 10.1.1.10 218 dhcp-snooping 3 FastEthernet0/2 00:21:5A:F7:F1:01 10.1.2.50 51 dhcp-snooping 5 FastEthernet0/11 Total number of bindings: 3
HQSW1#'''sh ip dhcp snooping'''
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
3,5
Insertion of option 82 is enabled
   circuit-id format: vlan-mod-port
    remote-id format: MAC
Option 82 on untrusted port is allowed
Verification of hwaddr field is enabled
Interface                    Trusted     Rate limit (pps)
------------------------     -------     ----------------
FastEthernet0/1              yes         unlimited