When ARP encounters DHCP Snooping

Source: Internet
Author: User

We have been studying DHCP Snooping for some time. DHCP Snooping is DHCP's line of defense against security problems. Let's look at how ARP and DHCP Snooping work together.

Relationship between DHCP Snooping and ARP Detection

ARP detection checks every ARP packet passing through the device, and DHCP Snooping provides the database it checks against. When an ARP packet arrives, the DAI (Dynamic ARP Inspection) module looks the packet up in the DHCP Snooping binding database. The packet is considered valid only when its MAC address, IP address, and port information all match an entry; otherwise it is discarded.
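The lookup described above, written out as an added Python example (not code from the original page or from any switch vendor). The binding entries, port names, and sample ARP packets are constructed, and `dai_check`, `parse_arp`, and `build_arp` are hypothetical helper names:

```python
import socket
import struct

# Constructed DHCP Snooping binding database: (MAC, IP, ingress port) per lease.
BINDINGS = {
    ("00:11:22:33:44:55", "192.168.1.10", "Gi0/1"),
    ("00:11:22:33:44:66", "192.168.1.11", "Gi0/2"),
}

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(payload: bytes):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP payload, or None."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return fmt_mac(payload[8:14]), socket.inet_ntoa(payload[14:18])

def dai_check(payload: bytes, port: str, bindings=BINDINGS) -> str:
    """Forward only when sender MAC, sender IP and ingress port match one binding."""
    parsed = parse_arp(payload)
    if parsed is None:
        return "drop: malformed ARP"
    mac, ip = parsed
    if (mac, ip, port) in bindings:
        return "forward"
    return f"drop: no binding for {mac} / {ip} on {port}"

def build_arp(sender_mac: str, sender_ip: str, target_ip: str, oper: int = 1) -> bytes:
    """Build a constructed ARP payload (target MAC zeroed) for the demo."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sha
            + socket.inet_aton(sender_ip) + b"\x00" * 6 + socket.inet_aton(target_ip))

if __name__ == "__main__":
    samples = [
        ("00:11:22:33:44:55", "192.168.1.10", "Gi0/1"),  # matches a binding
        ("00:11:22:33:44:66", "192.168.1.1", "Gi0/2"),   # sender IP not leased to this MAC
        ("00:11:22:33:44:55", "192.168.1.10", "Gi0/2"),  # right MAC and IP, wrong port
    ]
    for mac, ip, port in samples:
        print(port, mac, ip, "->", dai_check(build_arp(mac, ip, "192.168.1.1"), port))
```

A host with a statically configured address has no binding entry, so under this rule its ARP packets are dropped as well.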

Other considerations for DHCP Snooping Configuration
 
The DHCP Snooping function and the DHCP Option 82 function of 1x are mutually exclusive.

DHCP Snooping and DHCP Option82

DHCP Snooping only monitors the user's DHCP exchange. To control user access based on the IP address allocated by DHCP, you must also use the ARP detection function. Because the ARP detection module must inspect every ARP packet, it affects the overall performance of the device.

Enable or disable DHCP Snooping

By default, DHCP Snooping is disabled on the device. Once the ip dhcp snooping command is configured, the device enables DHCP Snooping and begins monitoring DHCP packets.

 
 
    Switch# configure terminal               // enter configuration mode
    Switch(config)# [no] ip dhcp snooping    // enable or disable DHCP snooping

Below is the configuration to enable the DHCP snooping function of the device:

 
 
    switch# configure terminal
    switch(config)# ip dhcp snooping
    switch(config)# end
    switch#

Configure the DHCP source MAC check function

After this command is configured, the device compares the source MAC address of each DHCP Request packet received on an UNTRUST port with the MAC address in the packet's Client field, and discards as invalid any packet in which the two differ. This check is not performed by default.

 
 
    Switch# configure terminal                                 // enter configuration mode
    Switch(config)# [no] ip dhcp snooping verify mac-address
