DHCP snooping
Short description: Techniques to secure DHCP service
In computer networking, DHCP snooping is a series of techniques applied to improve the security of a DHCP infrastructure.[1]
DHCP servers allocate IP addresses to clients on a LAN. DHCP snooping can be configured on LAN switches to exclude rogue DHCP servers and remove malicious or malformed DHCP traffic. In addition, information on hosts which have successfully completed a DHCP transaction is accrued in a database of bindings which may then be used by other security or accounting features.[2][3]
Other features may use DHCP snooping database information to ensure IP integrity on a Layer 2 switched domain. This information enables a network to:
- Track the physical location of IP addresses when combined with AAA accounting or SNMP.
- Ensure that hosts only use the IP addresses assigned to them when combined with source-guard (a.k.a. source-lockdown).[4]
- Sanitize ARP requests when combined with arp-inspection (a.k.a. arp-protect).
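The following Python sketch is an added illustration, not taken from the cited sources or from any vendor's implementation. It models a switch that drops server-originated DHCP messages on untrusted ports, records a binding once a transaction completes, and answers the lookup that source-guard and arp-inspection rely on. The class, method and port names are hypothetical, the addresses are constructed sample values, and the check on RELEASE messages is an assumed example of filtering malicious DHCP traffic.

```python
# Added illustration: simplified DHCP snooping model; all values are constructed.
SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # message types only a DHCP server sends

class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # ports leading to the real server
        self.pending = {}    # client MAC -> port its REQUEST arrived on
        self.bindings = {}   # client MAC -> (leased IP, port)
        self.dropped = []    # (port, message type, reason)

    def dhcp(self, port, msg_type, client_mac, ip=None):
        """Handle one DHCP message seen on `port`; True means forwarded."""
        if msg_type in SERVER_MSGS and port not in self.trusted:
            return self._drop(port, msg_type, "server message on untrusted port")
        if msg_type == "RELEASE":
            bound = self.bindings.get(client_mac)
            if bound and bound[1] != port:
                return self._drop(port, msg_type, "release from wrong port")
            self.bindings.pop(client_mac, None)
        elif msg_type == "REQUEST":
            self.pending[client_mac] = port
        elif msg_type == "ACK" and client_mac in self.pending:
            # Completed transaction: record which port holds which address.
            self.bindings[client_mac] = (ip, self.pending.pop(client_mac))
        return True

    def _drop(self, port, msg_type, reason):
        self.dropped.append((port, msg_type, reason))
        return False

    def binding_ok(self, port, mac, ip):
        """Lookup used by source-guard (IP packets) and arp-inspection (ARP)."""
        return self.bindings.get(mac) == (ip, port)

def demo():
    sw = SnoopingSwitch(trusted_ports={"uplink1"})
    client = "00:00:5e:00:53:01"
    sw.dhcp("port3", "DISCOVER", client)
    rogue = sw.dhcp("port7", "OFFER", client, "192.0.2.66")  # rogue server
    sw.dhcp("uplink1", "OFFER", client, "192.0.2.10")
    sw.dhcp("port3", "REQUEST", client)
    sw.dhcp("uplink1", "ACK", client, "192.0.2.10")
    return {
        "rogue_offer_forwarded": rogue,
        "own_address": sw.binding_ok("port3", client, "192.0.2.10"),
        "spoofed_address": sw.binding_ok("port3", client, "192.0.2.1"),
        "wrong_port": sw.binding_ok("port7", client, "192.0.2.10"),
        "spoofed_release": sw.dhcp("port7", "RELEASE", client),
    }
```

Only the host on port3 using its leased address passes the binding lookup; the rogue OFFER and the RELEASE sent from another port are dropped and logged in `dropped`.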
References
- Banks, Ethan. "Five Things To Know About DHCP Snooping". http://packetpushers.net/five-things-to-know-about-dhcp-snooping/. Retrieved 29 February 2016.
- Leslie. "What Is DHCP Snooping, all things you should know". https://www.qsfptek.com/article/what-is-dhcp-snooping-all-things-you-should-know.
- Sahni, Adarsh. "DHCP Snooping". 14 July 2020. https://www.geeksforgeeks.org/dhcp-snooping/.
- Cisco Systems, Inc. "Catalyst 3750-X and Catalyst 3560-X Switch Software Configuration Guide, Cisco IOS Release 15.0(2)SE and Later". http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_2_se/configuration/guide/3750x_cg/swdhcp82.html#24258. Retrieved 29 February 2016.
Original source: https://en.wikipedia.org/wiki/DHCP snooping.