
Understanding DHCP Snooping

· Technology

As outlined in my previous post (Understanding DHCP), DHCP Discover and DHCP Request packets sent by a client are destined for the layer 2/3 broadcast address, so they reach every host in that subnet. Anyone in that subnet can therefore act as a rogue DHCP server and potentially hand out wrong IP addresses to end users.

Most home-grade DSL routers can act as a DHCP server, and if an end user plugs one of these devices into the office network, it will sometimes start issuing IP addresses to real users without anyone's knowledge.

In my campus environment this has happened a couple of times: students in the colleges connect these sorts of devices to the network and break other users' network connectivity. It is therefore important to harden the network against this kind of failure. The solution is to implement "DHCP snooping".

Without DHCP snooping, as you saw last time, all four DHCP packet types (Discover, Offer, Request, ACK) are broadcast across the VLAN 13 subnet and all trunk links.
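To show what DHCP snooping adds on top of that picture, here is an added example (not code from the original post or from any switch vendor) that simulates the core rule: server-originated messages (Offer, ACK, NAK) are only accepted on ports marked trusted, and confirmed leases from trusted servers populate a binding table. The port names, MAC and addresses are constructed; the uplink Gi1/0/24 is assumed to be the only trusted port.

```python
from dataclasses import dataclass, field

# DHCP message types (option 53 values, RFC 2132)
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
SERVER_MESSAGES = {OFFER, ACK, NAK}   # only a DHCP server sends these

@dataclass
class DhcpPacket:
    ingress_port: str   # switch port the frame arrived on
    vlan: int
    msg_type: int
    client_mac: str     # chaddr field
    yiaddr: str = ""    # address offered/assigned (server messages only)

@dataclass
class SnoopingSwitch:
    trusted_ports: set
    client_ports: dict = field(default_factory=dict)  # client_mac -> access port
    bindings: dict = field(default_factory=dict)      # client_mac -> (ip, vlan, port)
    dropped: list = field(default_factory=list)

    def process(self, pkt):
        """Apply the snooping rule to one packet; True = forwarded, False = dropped."""
        if pkt.msg_type in SERVER_MESSAGES and pkt.ingress_port not in self.trusted_ports:
            # Server reply arriving on an untrusted access port: rogue server, drop it.
            self.dropped.append(pkt)
            return False
        if pkt.msg_type in (DISCOVER, REQUEST):
            self.client_ports[pkt.client_mac] = pkt.ingress_port
        elif pkt.msg_type == ACK:
            # Lease confirmed by a trusted server: record it in the binding table.
            self.bindings[pkt.client_mac] = (
                pkt.yiaddr, pkt.vlan, self.client_ports.get(pkt.client_mac))
        return True

def run_example():
    """Constructed VLAN 13 exchange: uplink Gi1/0/24 is trusted, access ports are not."""
    sw = SnoopingSwitch(trusted_ports={"Gi1/0/24"})
    mac = "aa:bb:cc:00:00:01"
    exchange = [
        DhcpPacket("Gi1/0/5", 13, DISCOVER, mac),
        DhcpPacket("Gi1/0/24", 13, OFFER, mac, "10.13.0.50"),    # real server via uplink
        DhcpPacket("Gi1/0/7", 13, OFFER, mac, "192.168.1.100"),  # home router on access port
        DhcpPacket("Gi1/0/5", 13, REQUEST, mac),
        DhcpPacket("Gi1/0/24", 13, ACK, mac, "10.13.0.50"),
    ]
    results = [sw.process(p) for p in exchange]
    return sw, results
```

Running `run_example()` forwards the client's Discover/Request and the uplink's Offer/ACK, drops the Offer that came in on Gi1/0/7, and leaves one binding (10.13.0.50, VLAN 13, Gi1/0/5) for the client.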