In this article, I will describe a simple and effective security protection that is already available on all Cisco switches.
It allows us to filter and block certain types of rogue DHCP traffic.
This is DHCP snooping. By default this feature is not enabled, so to use it we first have to turn it on globally and for the VLAN we want to protect.
enable
configure terminal
ip dhcp snooping
ip dhcp snooping vlan 1
After enabling it, we configure each interface as either trusted or untrusted.
Once configured, the switch actively monitors incoming traffic on all ports in the snooping VLAN.
If it detects a DHCP packet, it either allows the packet or drops it, depending on whether the ingress interface is trusted.
In this article, interface 0/0 is connected to the trusted DHCP server, and interface 0/1 is connected to a rogue DHCP server.
interface ethernet 0/0
 ip dhcp snooping trust
 no shutdown
 exit
interface range ethernet 0/1-3
 no shutdown
 no ip dhcp snooping trust
 exit
exit
write
Once configured, DHCP server packets arriving on interface 0/1 are dropped. Only DHCP server packets arriving on interface 0/0 are allowed through.
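To make the trusted/untrusted decision concrete, here is an added Python simulation of the snooping check (not Cisco's code and not from the original article). It goes slightly beyond the article's summary: real DHCP snooping does not drop every DHCP packet on an untrusted port, it drops the server-side message types (DHCPOFFER, DHCPACK, DHCPNAK, carried in option 53) while still forwarding client messages such as DHCPDISCOVER. The port names and the packets are constructed for the example; the `snoop` function returns a verdict and a reason so the result can be logged.

```python
"""Simulated DHCP snooping verdict logic (added example, not Cisco's implementation)."""
from dataclasses import dataclass

# DHCP message types carried in option 53 (RFC 2132).
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, DHCPNAK = 1, 2, 3, 5, 6
SERVER_MESSAGES = {DHCPOFFER, DHCPACK, DHCPNAK}   # only a server should send these
MAGIC_COOKIE = b"\x63\x82\x53\x63"                 # marks the start of DHCP options


@dataclass
class Packet:
    ingress: str    # hypothetical switch port name the frame arrived on
    payload: bytes  # raw BOOTP/DHCP payload (everything after the UDP header)


def build_dhcp(msg_type: int) -> bytes:
    """Construct a minimal DHCP payload: 236-byte BOOTP header, magic cookie, option 53, end."""
    op = 2 if msg_type in SERVER_MESSAGES else 1      # BOOTREPLY vs BOOTREQUEST
    header = bytes([op]) + b"\x00" * 235               # remaining fixed fields zeroed
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])


def dhcp_message_type(payload: bytes):
    """Return the option-53 value, or None if the payload is not a well-formed DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:          # end option
            break
        if code == 0:            # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None          # truncated option header
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None          # truncated option value
        if code == 53 and length == 1:
            return value[0]
        i += 2 + length
    return None


def snoop(pkt: Packet, trusted_ports: set):
    """Apply the DHCP snooping rule: server messages are only accepted on trusted ports."""
    mtype = dhcp_message_type(pkt.payload)
    if mtype is None:
        return "forward", "not a DHCP message, snooping does not apply"
    if pkt.ingress in trusted_ports:
        return "forward", f"DHCP type {mtype} on trusted port {pkt.ingress}"
    if mtype in SERVER_MESSAGES:
        return "drop", f"server message type {mtype} on untrusted port {pkt.ingress}"
    return "forward", f"client message type {mtype} on untrusted port {pkt.ingress}"


if __name__ == "__main__":
    trusted = {"Ethernet0/0"}   # mirrors 'ip dhcp snooping trust' on interface ethernet 0/0
    samples = [
        Packet("Ethernet0/0", build_dhcp(DHCPOFFER)),      # legitimate server
        Packet("Ethernet0/1", build_dhcp(DHCPOFFER)),      # rogue server, should be dropped
        Packet("Ethernet0/1", build_dhcp(DHCPDISCOVER)),   # ordinary client, still allowed
    ]
    for p in samples:
        verdict, reason = snoop(p, trusted)
        print(f"{p.ingress}: {verdict} ({reason})")
```

Running the block prints one verdict per constructed packet; the OFFER from the untrusted port is the only one dropped, which is the behaviour the configuration above is meant to produce.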