DHCP snooping and ARP inspection
DHCP snooping will mitigate DHCP attacks in a network. Using the DHCP feature, we create trusted and untrusted ports. DHCP response messages are allowed only through trusted ports. Ensure that all endpoint ports are termed as untrusted.
The DHCP snooping feature on Cisco and Juniper switches can be used to mitigate a DHCP server spoofing attack. With this mechanism, switch ports are configured in two different states: trusted and untrusted. If a port is configured to be trusted, it can receive DHCP responses. On the other hand, if a port is untrusted, it is not allowed to receive DHCP responses, and if an attacker's false DHCP response attempts to enter an untrusted port, the port will be disabled.
With the DHCP snooping feature
The DHCP snooping feature on Cisco and Juniper switches
The DHCP snooping feature on Cisco and Juniper switches can be used to prevent DHCP attacks.
By globally enabling DHCP snooping on all ports of all the switches, but we can also enable it in some VLANs only.
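
The trusted/untrusted filtering and per-VLAN scoping described in the answers above, and how the binding table that snooping builds then feeds ARP inspection, shown as a simplified Python model. This is an added example, not part of any answer and not vendor code; the `Switch` class, port names, MACs and addresses are constructed, and it assumes ARP inspection runs on the same VLANs as snooping and that a failed check drops the packet.

```python
from dataclasses import dataclass, field

# DHCP message types that only a server sends (RFC 2131, option 53).
SERVER_MSGS = {"OFFER", "ACK", "NAK"}

@dataclass
class Switch:                     # hypothetical model, not a vendor API
    snooping_vlans: set           # VLANs where snooping is enabled
    trusted_ports: set            # uplinks / ports facing the real DHCP server
    bindings: dict = field(default_factory=dict)  # (vlan, ip) -> (mac, port)
    pending: dict = field(default_factory=dict)   # client mac -> access port

    def dhcp(self, port, vlan, msg, client_mac, ip=None):
        """Return 'forward' or 'drop' for a DHCP packet arriving on `port`."""
        if vlan not in self.snooping_vlans:
            return "forward"                      # snooping not enabled on this VLAN
        if msg in SERVER_MSGS:
            if port not in self.trusted_ports:
                return "drop"                     # server reply on an untrusted port
            if msg == "ACK" and client_mac in self.pending:
                # Lease confirmed via a trusted port: record the binding.
                self.bindings[(vlan, ip)] = (client_mac, self.pending[client_mac])
            return "forward"
        # Client message (DISCOVER/REQUEST): remember the client's access port.
        self.pending[client_mac] = port
        return "forward"

    def arp(self, port, vlan, sender_mac, sender_ip):
        """ARP inspection: on untrusted ports the sender must match a binding."""
        if vlan not in self.snooping_vlans or port in self.trusted_ports:
            return "forward"
        ok = self.bindings.get((vlan, sender_ip)) == (sender_mac, port)
        return "forward" if ok else "drop"

def demo():
    # Constructed sample traffic; every identifier below is made up.
    sw = Switch(snooping_vlans={10}, trusted_ports={"Gi0/24"})
    pc, other = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
    return [
        sw.dhcp("Gi0/1", 10, "DISCOVER", pc),             # client request
        sw.dhcp("Gi0/2", 10, "OFFER", pc, "10.0.10.66"),  # reply on access port
        sw.dhcp("Gi0/24", 10, "ACK", pc, "10.0.10.5"),    # reply on trusted uplink
        sw.arp("Gi0/1", 10, pc, "10.0.10.5"),             # matches the binding
        sw.arp("Gi0/2", 10, other, "10.0.10.5"),          # no matching binding
        sw.dhcp("Gi0/2", 20, "OFFER", pc, "10.0.20.66"),  # VLAN 20 not protected
    ]

if __name__ == "__main__":
    print(demo())
```

The last entry shows the cost of enabling snooping on only some VLANs: a server reply on an access port in an unprotected VLAN is forwarded unchanged.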