
Wednesday, January 16, 2013

How to Configure DHCP snooping without using DHCP option 82

Configure DHCP snooping without using DHCP option 82

Network Diagram






RT1:

interface GigabitEthernet3/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10-20
 switchport mode trunk
 switchport nonegotiate
 logging event link-status
 spanning-tree link-type point-to-point
 spanning-tree guard root

interface GigabitEthernet4/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10-20
 switchport mode trunk
 switchport nonegotiate
 logging event link-status
 spanning-tree link-type point-to-point
 spanning-tree guard root

SW1

(config)#
! Disable option 82
no ip dhcp snooping information option
! Define VLAN for DHCP snooping
ip dhcp snooping vlan 11
! Enable DHCP snooping on the switch
ip dhcp snooping
interface GigabitEthernet0/46
 description uplink toward rt1
 switchport mode trunk
 ! Define trusted port
 ip dhcp snooping trust
interface GigabitEthernet0/48
 description uplink toward sw1
 switchport mode trunk
 ! Define trusted port
 ip dhcp snooping trust
interface GigabitEthernet0/1
 description Access port Client
 switchport access vlan 10
 switchport mode access
 ! Rate limit DHCP messages
 ip dhcp snooping limit rate 10

SW2

(config)#
! Disable option 82
no ip dhcp snooping information option
! Define VLAN for DHCP snooping
ip dhcp snooping vlan 11
! Enable DHCP snooping on the switch
ip dhcp snooping
interface GigabitEthernet0/46
 description uplink toward rt1
 switchport mode trunk
 ! Define trusted port
 ip dhcp snooping trust
interface GigabitEthernet0/48
 description uplink toward sw1
 switchport mode trunk
 ! Define trusted port
 ip dhcp snooping trust
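
An added example (not from the original post): a short Python audit that reads an IOS-style configuration and reports access ports that the DHCP snooping settings above do not cover. The sample is constructed from the SW1 configuration, keeping its access port in VLAN 10 while snooping is defined for VLAN 11; GigabitEthernet0/2 and the function names are hypothetical.

```python
import re

# Constructed sample modelled on SW1 above; Gi0/2 is a hypothetical extra port.
SAMPLE_CONFIG = """\
ip dhcp snooping vlan 11
ip dhcp snooping
interface GigabitEthernet0/46
 switchport mode trunk
 ip dhcp snooping trust
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
 ip dhcp snooping limit rate 10
interface GigabitEthernet0/2
 switchport access vlan 11
 switchport mode access
"""

def parse_vlans(spec):
    """Expand an IOS VLAN list such as '10-12,20' into a set of ints."""
    pairs = (p.partition("-") for p in spec.split(","))
    return {v for lo, _, hi in pairs for v in range(int(lo), int(hi or lo) + 1)}

def audit(config):
    """Return findings about DHCP snooping coverage of access ports."""
    snooped, enabled, ports, cur = set(), False, {}, None
    for raw in config.splitlines():
        if not raw.startswith(" "):  # a top-level line ends the interface block
            cur, line = None, raw.strip()
            if m := re.match(r"ip dhcp snooping vlan (\S+)$", line):
                snooped |= parse_vlans(m.group(1))
            elif m := re.match(r"interface (\S+)$", line):
                cur = ports.setdefault(m.group(1), [])
            enabled = enabled or line == "ip dhcp snooping"
        elif cur is not None:
            cur.append(raw.strip())
    findings = [] if enabled else ["global: 'ip dhcp snooping' is not enabled"]
    access = [(n, c) for n, c in ports.items() if "switchport mode access" in c]
    for name, cmds in access:  # trunk uplinks are skipped here
        vlan = next((int(c.split()[-1]) for c in cmds
                     if c.startswith("switchport access vlan ")), 1)  # IOS default
        if vlan not in snooped:
            findings.append(f"{name}: access VLAN {vlan} not in snooped VLANs")
        if "ip dhcp snooping trust" in cmds:
            findings.append(f"{name}: access port is trusted")
        if not any(c.startswith("ip dhcp snooping limit rate ") for c in cmds):
            findings.append(f"{name}: no DHCP rate limit")
    return findings
```

On the sample, audit(SAMPLE_CONFIG) reports that GigabitEthernet0/1 sits in VLAN 10, which "ip dhcp snooping vlan 11" does not cover, and that GigabitEthernet0/2 has no rate limit.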

Verify



#sh ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:11:0A:94:FD:01   10.10.1.20       687184      dhcp-snooping   11    GigabitEthernet0/1
Total number of bindings: 1





#show ip dhcp snooping statistics
 Packets Forwarded                                     = 253
 Packets Dropped                                       = 6   # dropped packets from rogue dhcp server
 Packets Dropped From untrusted ports                  = 0




debug ip dhcp snooping events
debug ip dhcp packets