Question ID: SW076
Any idea why the correct answer is to configure DHCP snooping on ports connected to trusted DHCP servers?

Wouldn't it be on ports that connect to untrusted clients?

Any ideas?
By enabling DHCP snooping on port(s) connected to a trusted DHCP server, you basically stop any DHCP reply from any untrusted port except the port where the DHCP server resides (you can do this on the interface level, "int fa0/1", "ip dhcp snooping trust"). This will prevent any rogue DHCP server from connecting to your network. So, if someone attempts to bring any DHCP server equipment (i.e. Netgear or Linksys router) and plug it into your network, DHCP snooping will shut the port where the rogue server is connected. I hope this helps.
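
A simplified model of the trust check discussed in this thread, added here as an example (it is not part of the original posts and is not Cisco's implementation): every port is untrusted unless explicitly marked trusted, and DHCP server messages (OFFER, ACK, NAK) are accepted only when they arrive on a trusted port. The function names, the port Fa0/5 and the sample packets are assumptions constructed for illustration.

```python
# DHCP message types (option 53) that only a server sends.
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options


def dhcp_message_type(payload: bytes):
    """Return the option 53 value from a BOOTP/DHCP payload, or None."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:              # end option: no message type found
            return None
        if code == 0:                # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):    # truncated option header
            return None
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:      # truncated option value
            return None
        if code == 53 and length == 1:
            return value[0]
        i += 2 + length
    return None


def snoop(trusted_ports, ingress_port, payload):
    """Model of the per-port decision: 'forward' or 'drop'."""
    if ingress_port in trusted_ports:
        return "forward"             # server-facing port, marked trusted
    mtype = dhcp_message_type(payload)
    if mtype is None or mtype in SERVER_TYPES:
        return "drop"                # malformed, or a server reply from a client port
    return "forward"                 # client messages (DISCOVER, REQUEST, ...)


def build(mtype):
    """Constructed sample: minimal 236-byte BOOTP header plus option 53."""
    op = 2 if mtype in SERVER_TYPES else 1
    return bytes([op]) + bytes(235) + MAGIC_COOKIE + bytes([53, 1, mtype, 255])


if __name__ == "__main__":
    trusted = {"Fa0/1"}              # only the port facing the real DHCP server
    for port, mtype in [("Fa0/1", 2), ("Fa0/5", 2), ("Fa0/5", 1)]:
        print(port, mtype, snoop(trusted, port, build(mtype)))
```
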

