DHCP snooping

In computer networking, DHCP snooping is a series of techniques applied to improve the security of a Dynamic Host Configuration Protocol (DHCP) infrastructure.[1]
Techniques
DHCP servers allocate IP addresses to clients on a LAN. DHCP snooping can be configured on LAN switches to exclude rogue DHCP servers and remove malicious or malformed DHCP traffic. In addition, information on hosts which have successfully completed a DHCP transaction is accrued in a database of bindings which may then be used by other security or accounting features.[2][3]
Other features may use DHCP snooping database information to ensure IP integrity on a Layer 2 switched domain. This information enables a network to:
- Track the physical location of IP addresses when combined with AAA accounting or SNMP.
- Ensure that hosts only use the IP addresses assigned to them when combined with source-guard (a.k.a. source-lockdown).[4]
- Sanitize ARP requests when combined with arp-inspection (a.k.a. arp-protect).
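
The following simplified model, added here as an illustration and not taken from any switch vendor's implementation, shows how a snooping switch drops server messages arriving on untrusted ports, builds the bindings database from completed transactions, and lets source-guard or ARP inspection check traffic against it. The class name, port names, message labels and addresses are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

# Message types that only a DHCP server should ever send.
SERVER_MSGS = {"OFFER", "ACK", "NAK"}

@dataclass
class SnoopingSwitch:
    trusted_ports: set                             # ports facing the legitimate DHCP server
    bindings: dict = field(default_factory=dict)   # client MAC -> (IP, access port)
    pending: dict = field(default_factory=dict)    # client MAC -> port its REQUEST came from

    def dhcp(self, port, msg_type, client_mac, ip=None):
        """Return True if the DHCP message is forwarded, False if it is dropped."""
        if msg_type in SERVER_MSGS:
            if port not in self.trusted_ports:
                return False                       # rogue server behind an access port
            if msg_type == "ACK" and client_mac in self.pending:
                # Transaction completed: bind the lease to the client's own port.
                self.bindings[client_mac] = (ip, self.pending.pop(client_mac))
            return True
        if msg_type == "REQUEST":
            self.pending[client_mac] = port
        elif msg_type == "RELEASE":
            bound = self.bindings.get(client_mac)
            if bound and bound[1] != port:
                return False                       # release for a lease held on another port
            self.bindings.pop(client_mac, None)
        return True

    def source_ok(self, port, mac, ip):
        """Binding lookup as used by source-guard / ARP inspection on untrusted ports."""
        return port in self.trusted_ports or self.bindings.get(mac) == (ip, port)

def demo():
    # Constructed scenario: server on Gi0/24, client on Gi0/3, rogue server on Gi0/7.
    sw = SnoopingSwitch(trusted_ports={"Gi0/24"})
    mac = "00:11:22:33:44:55"
    results = [
        sw.dhcp("Gi0/3", "DISCOVER", mac),
        sw.dhcp("Gi0/7", "OFFER", mac, "10.0.0.66"),   # dropped: untrusted port
        sw.dhcp("Gi0/24", "OFFER", mac, "10.0.0.5"),
        sw.dhcp("Gi0/3", "REQUEST", mac),
        sw.dhcp("Gi0/24", "ACK", mac, "10.0.0.5"),     # binding recorded here
    ]
    return sw, results

if __name__ == "__main__":
    sw, results = demo()
    print(results, sw.bindings)
```
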