Re: DHCP Snooping



Hi

I assume your talking Cisco? If so check this out

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_13/config/dhcp.htm

cheers
Ivan


On 6/7/06, Sven Édouard <sven_edouard@xxxxxxxxxxxxxx> wrote:
> DHCP Security is ultimately a tricky proposition, keep in mind that
> these communications are sent over UDP, which can be spoofed, therefore,
> what you would need to do is force everyone's configuration to be a
> static one in order to avoid a spoofed respose condition.
>
> Also, there is the risk that someone on your network is using the same
> MAC address as another user, and therefore could see all of the traffic
> intended for that user. I think you could cover these cases by deploying
> VLANS but just wanted to bring up these potential issues.
>
> Sven
>
>
>
>
> On 6 Jun 2006 19:52:59 -0000, timpacalypse@xxxxxxxxx said:
> > I'm looking at deploying DHCP Snooping in our environment. I just want
> > to make sure I've got this straight.
> >
> > We only have 1 DHCP server. So the only port that I need to say is
> > trusted is the one the DHCP Server is connected to, right? I don't want
> > anyone to be able to deploy any rogue DHCP Servers in the network. We
> > are using VLANS, but I don't need to set the trunk ports as trusted do I?
> --
> Sven Édouard
> sven_edouard@xxxxxxxxxxxxxx
>
> --
> http://www.fastmail.fm - One of many happy users:
> http://www.fastmail.fm/docs/quotes.html
>
>