DHCP snooping prevents man-in-the-middle attacks on our network. An attacker pretends to be the DHCP server and responds to DHCPDISCOVER packets before the real server has time to respond. DHCP snooping marks the port that the DHCP server is connected to as trusted, which keeps the attacker out. The trusted port is the only port that is allowed to send DHCP server responses such as DHCPOFFER. The following commands enable it:
Switch(config)#ip dhcp snooping
Switch(config)#int fa0/1
Switch(config-if)#ip dhcp snooping trust
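To see the effect of the trust setting, the following added example (not part of the original post, and not switch code) parses the commands above and models the rule described: DHCP server replies are forwarded only when they arrive on a trusted port. The function names and the sample events are constructed for illustration, and the model covers only this one rule, not the other checks a real switch performs.

```python
import re

# DHCP message types (RFC 2131/2132, option 53) that only a server sends.
SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}

def parse_snooping_config(config_text):
    """Return (globally_enabled, trusted_interfaces) from IOS-style lines."""
    enabled = False
    trusted = set()
    current_if = None
    for raw in config_text.splitlines():
        # Strip a prompt such as 'Switch(config-if)#' copied from a session.
        line = re.sub(r"^\S+\(config[^)]*\)#", "", raw).strip()
        m = re.match(r"int(?:erface)?\s+(\S+)$", line, re.IGNORECASE)
        if m:
            current_if = m.group(1).lower()
        elif line == "ip dhcp snooping":
            enabled = True
        elif line == "ip dhcp snooping trust" and current_if:
            trusted.add(current_if)
    return enabled, trusted

def snooping_verdict(enabled, trusted, ingress_port, message_type):
    """Model the forwarding decision for one DHCP message arriving on a port."""
    if not enabled:
        return "forward"  # no filtering: any port's server reply is accepted
    if message_type in SERVER_MESSAGES and ingress_port.lower() not in trusted:
        return "drop"     # server reply from an untrusted port
    return "forward"

# Configuration from the post.
CONFIG = """Switch(config)#ip dhcp snooping
Switch(config)#int fa0/1
Switch(config-if)#ip dhcp snooping trust"""

# Constructed sample events: (ingress port, DHCP message type).
EVENTS = [
    ("fa0/5", "DHCPDISCOVER"),  # client asks for an address
    ("fa0/1", "DHCPOFFER"),     # real server on the trusted port
    ("fa0/7", "DHCPOFFER"),     # server reply from a port that is not trusted
    ("fa0/7", "DHCPACK"),
]

def evaluate(config_text=CONFIG, events=EVENTS):
    enabled, trusted = parse_snooping_config(config_text)
    return [(p, m, snooping_verdict(enabled, trusted, p, m)) for p, m in events]

if __name__ == "__main__":
    for port, msg, verdict in evaluate():
        print(f"{port:6} {msg:13} -> {verdict}")
```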