Re: DHCP Snooping
- From: "Ivan ." <ivanhec@xxxxxxxxx>
- Date: Thu, 8 Jun 2006 09:11:03 +1000
I assume you're talking Cisco? If so, check this out
On 6/7/06, Sven Édouard <sven_edouard@xxxxxxxxxxxxxx> wrote:
> DHCP Security is ultimately a tricky proposition, keep in mind that
> these communications are sent over UDP, which can be spoofed, therefore,
> what you would need to do is force everyone's configuration to be a
> static one in order to avoid a spoofed response condition.
> Also, there is the risk that someone on your network is using the same
> MAC address as another user, and therefore could see all of the traffic
> intended for that user. I think you could cover these cases by deploying
> VLANs but just wanted to bring up these potential issues.
> On 6 Jun 2006 19:52:59 -0000, timpacalypse@xxxxxxxxx said:
> > I'm looking at deploying DHCP Snooping in our environment. I just want
> > to make sure I've got this straight.
> > We only have 1 DHCP server. So the only port that I need to say is
> > trusted is the one the DHCP Server is connected to, right? I don't want
> > anyone to be able to deploy any rogue DHCP Servers in the network. We
> > are using VLANs, but I don't need to set the trunk ports as trusted do I?
> Sven Édouard