Manual
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
269
Sketch Map of TRUNK
As showed in the above chart, Mac-AA device is the normal user, connected to the non-trusted
port 1/1 of the switch. It operates via DHCP Client, IP 1.1.1.5; DHCP Server and GateWay are
connected to the trusted ports 1/11 and 1/12 of the switch; the malicious user Mac-BB is
connected to the non-trusted port 1/10, trying to fake a DHCP Server(by sending DHCPACK).
Setting DHCP Snooping on the switch will effectively detect and block this kind of network
attack.
Configuration sequence is:
switch#
switch#config
switch(config)#ip dhcp snooping enable
switch(config)#interface ethernet 1/11
switch(Config-Ethernet1/11)#ip dhcp snooping trust
switch(Config-Ethernet1/11)#exit
switch(config)#interface ethernet 1/12
switch(Config-Ethernet1/12)#ip dhcp snooping trust
switch(Config-Ethernet1/12)#exit
switch(config)#interface ethernet 1/1-10
switch(Config-Port-Range)#ip dhcp snooping action shutdown
switch(Config-Port-Range)#
34.3 DHCP Snooping Troubleshooting Help
34.3.1 Monitor and Debug Information
The “debug ip dhcp snooping” command can be used to monitor the debug information.