What is DHCP Snooping
When DHCP servers allocate IP addresses to clients on a LAN, DHCP snooping can be configured on the LAN switches to harden the network so that only clients with specific IP/MAC addresses have access.
DHCP snooping is a series of Layer 2 techniques. It works with information from a DHCP server to:
* Track the physical location of hosts.
* Ensure that hosts only use the IP addresses assigned to them.
* Ensure that only authorized DHCP servers are accessible.
In short, DHCP snooping ensures IP integrity on a Layer 2 switched domain.
With DHCP snooping, only a whitelist of IP addresses may access the network. The whitelist is configured at the switch port level, and the DHCP server manages the access control.
Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.
DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could wreak havoc in the network or even control it.
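The checks described above, as an added Python model that is not part of the original page: server replies are accepted only on trusted ports, each acknowledged lease becomes an IP/MAC/port binding, and other traffic is allowed only when it matches a binding. The class name, port numbers, MAC and IP addresses are constructed for illustration and do not represent any vendor's implementation.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # message types only a DHCP server sends


@dataclass
class SnoopingSwitch:
    trusted_ports: set                              # ports facing authorized DHCP servers
    pending: dict = field(default_factory=dict)     # client MAC -> port it requested from
    bindings: dict = field(default_factory=dict)    # leased IP -> (MAC, port)

    def dhcp(self, port, msg_type, client_mac, ip=None):
        """Handle a DHCP message seen on `port`; return True if it is forwarded."""
        if msg_type in SERVER_MSGS:
            if port not in self.trusted_ports:
                return False                        # server reply on untrusted port: drop
            if msg_type == "ACK" and client_mac in self.pending:
                # Learn the lease: this IP belongs to this MAC on this port.
                self.bindings[ip] = (client_mac, self.pending.pop(client_mac))
            return True
        if msg_type in ("DISCOVER", "REQUEST"):
            self.pending[client_mac] = port
        elif msg_type == "RELEASE":
            if self.bindings.get(ip) != (client_mac, port):
                return False                        # release not from the lease holder
            del self.bindings[ip]
        return True

    def data(self, port, src_mac, src_ip):
        """Source check for ordinary traffic: allow only a matching binding."""
        if port in self.trusted_ports:
            return True
        return self.bindings.get(src_ip) == (src_mac, port)


def demo():
    """Constructed scenario: server on port 1, client on port 5, intruder on port 7."""
    sw = SnoopingSwitch(trusted_ports={1})
    client = "aa:bb:cc:00:00:05"
    sw.dhcp(5, "DISCOVER", client)
    rogue_offer = sw.dhcp(7, "OFFER", client, "10.0.0.99")   # untrusted port
    sw.dhcp(1, "OFFER", client, "10.0.0.50")
    sw.dhcp(5, "REQUEST", client)
    sw.dhcp(1, "ACK", client, "10.0.0.50")
    return {
        "rogue_offer_forwarded": rogue_offer,
        "client_allowed": sw.data(5, client, "10.0.0.50"),
        "spoof_other_port": sw.data(7, client, "10.0.0.50"),
        "unleased_ip": sw.data(5, client, "10.0.0.51"),
    }
```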
Web Ref:
Understanding and Configuring DHCP Snooping
Configuring DHCP Snooping