HPE Community
Switches, Hubs, and Modems
1752794 Members
6567 Online
108789 Solutions
New Discussion юеВ

Re: preventing fake DHCP

 
abdullah.ali
Occasional Advisor

тАО10-11-2008 08:14 AM

тАО10-11-2008 08:14 AM

preventing fake DHCP

hi,

Q1
in a big network in terms of vlans and switches (which is already configured and connected) how can we prevent fake dhcp servers from being active on the network.

Q2
please provide some good practices of the ACL's to protect the network resources.
0 Kudos
4 REPLIES 4
Matt Hobbs
Honored Contributor

тАО10-11-2008 11:40 AM

тАО10-11-2008 11:40 AM

Re: preventing fake DHCP

Q1. dhcp-snooping
0 Kudos
cenk sasmaztin
Honored Contributor

тАО10-12-2008 09:02 AM

тАО10-12-2008 09:02 AM

Re: preventing fake DHCP

Q1

sw(config)# dhcp-snooping
sw(config)# dhcp-snooping authorized-server 192.xxx.xxx.xxx
sw(config)# dhcp-snooping trust 1

interface 1 connect dhcp server
other all port untrust for dhcp server


Q2
please provide some good practices of the ACL's to protect the network resources.

what do you want whit ACL ?







cenk

0 Kudos
abdullah.ali
Occasional Advisor

тАО10-12-2008 10:53 AM

тАО10-12-2008 10:53 AM

Re: preventing fake DHCP

regarding DHCP snooping, if i have a core and an edge and the dhcp server is in port 1 on the core, how should i configure the trusted ports on the edge?

please choose the answer of the following only if you are sure 100%:
1)configure all edge switches' ports as untrusted
2)configure all edge switches' ports as untrusted except the uplink one

0 Kudos
cenk sasmaztin
Honored Contributor

тАО10-12-2008 09:34 PM

тАО10-12-2008 09:34 PM

Re: preventing fake DHCP

configure all edge switch port and authorized dhcp server port must be trust port.

all other client port must be untrust

cenk sasmaztin
cenk

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.