From the course: Cisco CCNA (200-301) Cert Prep: 3 Security, Automation, and Programmability
DHCP snooping
- [Instructor] DHCP snooping is a method to prevent rogue DHCP servers on a network. A rogue is any unauthorized DHCP server on a network, either accidentally, or one with malicious intent. When snooping is enabled on a VLAN within a switch, it will protect any ports configured for that VLAN that are not designated as trusted ports. An untrusted port is going to be one facing end users, which is the default state, while a trusted port is going to be either the port that connects directly to the DHCP server or an uplink to another switch or router that terminates the DHCP server. In short, untrusted ports will discard any packets that would normally be sourced from a DHCP server, so only DHCP client requests will be allowed. On trusted ports, either client or server packets can be sent. As an untrusted port goes through the DHCP process, the switch will add the MAC address of the client, its assigned IP, the interface it was learned on, and the VLAN it is in to the DHCP snooping…
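The filtering and binding-table behavior described in the transcript above, as an added example that is not part of the course material: a simplified Python model of a switch, not Cisco's implementation. The interface names, MAC address, and IP addresses are constructed sample values.

```python
from dataclasses import dataclass

SERVER_TYPES = {"OFFER", "ACK", "NAK"}            # normally sourced by a DHCP server
CLIENT_TYPES = {"DISCOVER", "REQUEST", "DECLINE", "RELEASE", "INFORM"}

@dataclass(frozen=True)
class DhcpMsg:
    port: str          # ingress interface
    vlan: int
    msg_type: str
    client_mac: str
    yiaddr: str = ""   # address the server is assigning

class SnoopingSwitch:
    def __init__(self, snooped_vlans, trusted_ports):
        self.snooped_vlans = set(snooped_vlans)
        self.trusted_ports = set(trusted_ports)   # every other port is untrusted
        self.pending = {}    # client_mac -> (port, vlan) of the requesting client
        self.bindings = {}   # client_mac -> (ip, port, vlan)

    def process(self, m):
        if m.vlan not in self.snooped_vlans:
            return "forward"                       # snooping not enabled here
        trusted = m.port in self.trusted_ports
        if m.msg_type in SERVER_TYPES and not trusted:
            return "drop"                          # server message from a user port
        if m.msg_type in CLIENT_TYPES and not trusted:
            self.pending[m.client_mac] = (m.port, m.vlan)
        if m.msg_type == "ACK" and m.client_mac in self.pending:
            port, vlan = self.pending.pop(m.client_mac)
            self.bindings[m.client_mac] = (m.yiaddr, port, vlan)
        return "forward"

def demo():
    sw = SnoopingSwitch(snooped_vlans=[10], trusted_ports=["Gi0/24"])
    client, rogue_port = "aa:bb:cc:00:00:01", "Gi0/2"
    traffic = [  # constructed sample exchange
        DhcpMsg("Gi0/1", 10, "DISCOVER", client),
        DhcpMsg(rogue_port, 10, "OFFER", client, "10.66.66.5"),   # rogue server
        DhcpMsg("Gi0/24", 10, "OFFER", client, "192.0.2.50"),     # real server
        DhcpMsg("Gi0/1", 10, "REQUEST", client),
        DhcpMsg(rogue_port, 10, "ACK", client, "10.66.66.5"),     # rogue server
        DhcpMsg("Gi0/24", 10, "ACK", client, "192.0.2.50"),
    ]
    return [sw.process(m) for m in traffic], sw.bindings

if __name__ == "__main__":
    verdicts, table = demo()
    print(verdicts, table)
```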
Contents
- Key security concepts (4m 18s)
- Security program elements (1m 19s)
- Password policy elements (2m 27s)
- VPNs (2m 43s)
- Standard access control lists (ACLs) (4m 49s)
- ACL wildcard masks (4m 20s)
- Extended ACLs (3m 46s)
- Named ACLs (6m 14s)
- Port security (4m 18s)
- DHCP snooping (3m 33s)
- Dynamic ARP Inspection (DAI) (3m 42s)