Posted by: Yasir Irfan
Cisco, Cisco 2950, Cisco 2960, Cisco 3560, Cisco 3560-E, Cisco 3750-E, Cisco 6500, Cisco 6500 Series Catalyst Switch, Cisco 6503, Cisco Systems, Cisco Tips, DHCP, DHCP Snooping, Err-disable, Networking, Security, Switches, Switching
Dear FriendsIn my previous post I was discussing about the DHCP Snooping, it may be hard to believe a DHCP sever can lead to lot troubles in your network. Consider a host sends out DHCP discovery packets, it listens for a DHCP offers packets and accepts the first available offer from a DHCP server. Guess what happens if the host gets a DHCP offer from a rouge DHCP server? The host could end up with using rouge DHCP server with an IP address and the default gateway. The host cannot access any of the resources from your network.
Yes we can prevent this with DHCP snooping thanks to Cisco. DHCP snooping classifies interfaces as either trusted or untrusted. DHCP messages received on trusted interfaces will be permitted to pass through the Cisco switch, but DHCP messages received on untrusted interface in a Cisco Switch results in putting the interface into error disable state. Configuring DHCP snooping in a Network is quite troublesome job but I will try to make things easier for you by using a scenario, which hopefully I am going post soon.