Cisco,CCNP,BCMSN,642-812,Certi computer Cisco CCNP BCMSN 642-812 Certification Exam Tutorial: DHCP
Gone are those times when the companies and the organisations didn't need a hi-tech system to handle them. Owing to the considerable increase in the business sector and thus, an enormous increase in the complexity of the organisational struc ----------------------------------------------------------Permission is granted for the below article to forward,reprint, distribute, use for ezine, newsletter, website,offer as free bonus or part of a product for sale as longas no changes a
An important part of passing the Cisco CCNP BCMSN exam and protecting your network from intruders is to recognize that even everyday protocols and services can work against us once that intruder is in our network.It may be hard to believe, but something as innocent as DHCP can actually lead to trouble for your network. When a host sends out a DHCPDiscovery packet, it listens for DHCPOffer packets - and accepts the first Offer it gets!Part of that DHCPOffer is the address to which the host should set its default gateway. What if a DHCP server that does not belong on our network - a rogue DHCP server - is placed on that subnet?If that host uses the DHCPOffer from the rogue server, the host could end up using the rogue server as its default gateway or DNS server!We can prevent this with DHCP Snooping. DHCP Snooping classifies interfaces as either trusted or untrusted.DHCP messages received on trusted interfaces will be permitted to pass through the switch, but DHCP messages received on untrusted interface result in the interface itself being placed into err-disabled state.By default, the switch considers all ports untrusted - which means we better remember to configure the switch to trust some ports when we enable DHCP Snooping! First, we need to enable DHCP Snooping on the entire switch:SW1(config)#ip dhcp snoopingTo enable DHCP Snooping for a particular VLAN, use the ip dhcp snooping command.SW1(config)#ip dhcp snooping vlan 4Ports can then be configured as trusted with the ip dhcp snooping trust command.SW1(config-if)#ip dhcp snooping trustThere are other options available with DHCP Snooping, and well look at some of those in a future tutorial. DHCP Snooping is an important topic for your CCNP BCMSN exam, and its just as important in real-world networks!
Cisco,CCNP,BCMSN,642-812,Certi