Help understanding DHCP Snooping and Dynamic ARP Inspection

EZRA SHYAM (Level 1)

Sandeep Choudhary (VIP Alumni)

Hi Ezra,

In simple words:

DHCP Snooping is a feature which is available on switches. This feature is used to prevent rogue DHCP server attacks.

[Image: dhcp-snooping1.jpg]

In the diagram, a valid DHCP server is connected to the network. The computers are supposed to receive dynamic IP addresses from the valid server. An attacker implants a rogue DHCP server on the network as shown in the diagram. The following steps are followed for a client to receive an IP address from a DHCP server.

When a client (computer) is connected to the switch and is configured to receive a dynamic IP address from a DHCP server, the DHCP service on the client sends out a DHCP Discover packet, searching for servers on the network. This packet is broadcast in nature. DHCP servers on the network would respond to the DHCP Discover packet sent from the client. In the example, both DHCP servers would respond to the DHCP Discover packet. The client would process the first packet it receives. If the response sent by the rogue DHCP server reaches the client first, then the computer would have an IP address provided by the rogue DHCP server.

To prevent this, DHCP snooping is configured on the port to which the valid DHCP server is connected. After the configuration is performed, no other ports on the switch would be able to respond to DHCP Discover packets from the clients. So even though the attacker has set up a rogue DHCP server, the port on the switch to which the attacker has connected would not be allowed to respond to DHCP Discover packets. Thus DHCP snooping thwarts the attacker's attempt at setting up a rogue DHCP server.

DAI:

Please read the explained version here: http://ciscocertstudyblog.blogspot.de/2010/06/ciscoblogpics.html

More about DHCP snooping and DAI: Please read this attached document with some detailed explanation.

Hope it helps.

Regards

Please use the rating system and mark the question as answered; it may help others.
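To make the mechanism in the answer above concrete, here is a small model of what the switch does with the Discover/Offer/Ack exchange once DHCP snooping is on, extended to the DAI check the thread title asks about. This is an added illustration written for this thread, not Cisco code and not part of Sandeep's answer; the port names (Gi0/1 for the valid server, Gi0/2 for the PC, Gi0/3 for the attacker's port), MAC addresses and IP addresses are constructed sample values. It goes slightly beyond the answer by also building the DHCP snooping binding table and using it for Dynamic ARP Inspection.

```python
"""Toy model of DHCP snooping and Dynamic ARP Inspection (DAI) on a switch.

Added illustration for this thread, not Cisco code: the port names, MAC and IP
addresses used below are constructed sample values.

- DHCP snooping: server-side DHCP messages (OFFER/ACK/NAK) are accepted only on
  a trusted port; client messages on untrusted ports are tracked so that a
  completed lease becomes a (MAC, IP, port) binding.
- DAI: an ARP packet on an untrusted port is forwarded only if its sender
  MAC/IP pair matches a binding learned on that same port.
"""
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}     # only a DHCP server sends these
CLIENT_MSGS = {"DISCOVER", "REQUEST"}     # sent (broadcast) by clients


@dataclass
class Dhcp:
    kind: str
    client_mac: str
    yiaddr: str = ""   # "your IP address" field, filled in by the server


@dataclass
class Arp:
    sender_mac: str
    sender_ip: str


@dataclass
class Switch:
    trusted: set = field(default_factory=set)       # ports facing real servers
    snooping: bool = True                           # False = plain switch
    pending: dict = field(default_factory=dict)     # client MAC -> ingress port
    bindings: dict = field(default_factory=dict)    # client MAC -> (IP, port)
    log: list = field(default_factory=list)

    def dhcp_in(self, port: str, msg: Dhcp) -> bool:
        """Return True if the DHCP message is forwarded, False if dropped."""
        if not self.snooping:
            return True
        if msg.kind in SERVER_MSGS and port not in self.trusted:
            # The rogue-server case from the thread: a server reply arriving on
            # an untrusted access port never leaves the ingress port.
            self.log.append(f"dhcp-snooping: dropped {msg.kind} on untrusted {port}")
            return False
        if msg.kind in CLIENT_MSGS:
            self.pending[msg.client_mac] = port
        if msg.kind == "ACK" and msg.client_mac in self.pending:
            # Lease completed on a trusted port: record who got which address where.
            self.bindings[msg.client_mac] = (msg.yiaddr, self.pending.pop(msg.client_mac))
        return True

    def arp_in(self, port: str, msg: Arp) -> bool:
        """DAI check: forward ARP only if sender MAC/IP/port match the binding table."""
        if not self.snooping or port in self.trusted:
            return True
        if self.bindings.get(msg.sender_mac) != (msg.sender_ip, port):
            self.log.append(f"dai: dropped ARP {msg.sender_ip} from {msg.sender_mac} on {port}")
            return False
        return True


def run_scenario(snooping: bool = True) -> dict:
    """Replay the thread's diagram: valid server on Gi0/1, PC on Gi0/2, attacker on Gi0/3."""
    sw = Switch(trusted={"Gi0/1"}, snooping=snooping)
    pc, rogue = "00:11:22:33:44:55", "de:ad:be:ef:00:01"   # constructed MACs
    r = {}
    r["discover"] = sw.dhcp_in("Gi0/2", Dhcp("DISCOVER", pc))
    # Both servers answer the broadcast; the rogue one sits on an untrusted port.
    r["rogue_offer"] = sw.dhcp_in("Gi0/3", Dhcp("OFFER", pc, "192.0.2.66"))
    r["valid_offer"] = sw.dhcp_in("Gi0/1", Dhcp("OFFER", pc, "192.0.2.10"))
    sw.dhcp_in("Gi0/2", Dhcp("REQUEST", pc))
    sw.dhcp_in("Gi0/1", Dhcp("ACK", pc, "192.0.2.10"))
    r["binding"] = sw.bindings.get(pc)
    # DAI: the PC's own ARP matches its binding; a host on another port
    # claiming the PC's address does not.
    r["pc_arp"] = sw.arp_in("Gi0/2", Arp(pc, "192.0.2.10"))
    r["spoofed_arp"] = sw.arp_in("Gi0/3", Arp(rogue, "192.0.2.10"))
    r["log"] = list(sw.log)
    return r


if __name__ == "__main__":
    for line in run_scenario()["log"]:
        print(line)
```

Running `run_scenario()` drops the rogue OFFER and the mismatched ARP while the valid server's OFFER, the ACK and the PC's own ARP are forwarded; `run_scenario(snooping=False)` forwards everything and builds no binding, which is the situation the answer describes where the first reply to reach the client wins. On a Cisco IOS switch the `trusted` set in this model corresponds to `ip dhcp snooping trust` on the server-facing interface, with `ip dhcp snooping vlan <n>` and `ip arp inspection vlan <n>` enabling the two features for the VLAN.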

Thanks Sandeep for the clarification...

The attached PDF file is not showing the complete view and the borders are not viewable. Can I get the complete document?

Regards,

Hi,
I don't have a Word version of this. I think you can understand with this document ... Only the left-side word is not completely visible.

Hope it helps

Regards
Don't forget to rate helpful post.

If you are satisfied with the answer then mark this question as answered.

Sent from Cisco Technical Support iPhone App
