Have you been studying for an AWS certification and have yet to actually
test? Now might be the time. AWS is currently offering free retakes of
their cer...
1 month ago
My Blog List
-
-
The debates around IP multicast stopped about five to ten years ago AFAICT. No one wants to deal with it anymore. In theory, IP multicast was a good idea b...9 months ago
-
https://cloud.google.com/load-balancing/docs/tcp/internal-proxy Traffic flow: client -> Load-balancer Forwarding rule TCP IP:port -> Target proxy -> backen...1 year ago
-
At its core, DNS is what makes the internet work. Without it, everyone would need to remember the IP address…1 year ago
-
Defining service availability using the famous X nines (and all the hacks like “planned downtime doesn’t count”) is pretty useless in a highly distribute...4 years ago
-
Please join us in congratulating the following iPexpert students who have passed their CCIE lab! This Week’s CCIE Success Stories Lucas Handybiantoro, CCIE...8 years ago
-
It’s official, the CCIE DC has been announced. Here’s the meat of the announcement: “Cisco announced today that a new expert-level certification for data c...12 years ago
About Me
- Packets Analyzed
- A dynamic, innovative, and skilled individual that is passionate about technology providing technical leadership and architectural oversight. I have in depth knowledge in a variety of technologies which provides a holistic overview of the environment and allows for superior solutions. I take business challenges and create IT solutions that are highly available, scalable, and secure. I have the ability to translate business objectives into IT initiatives. I have a continued thirst for knowledge and share that knowledge with colleagues, business partners, and vendors. I make contributions to the IT community participating in seminars, online forums, and actively blogging.
CCIE, CCNP, CCDP, CCIP, CCNA Voice, CCNA Security, CCNA R&S, CCDA, Network, GCFW, GSEC, CEH, VCP4, VCP3, CNE6, MCITP - WK8 Server Admin, MCTS - WK8 MS Certified Technology Specialist, MCTS - WK8 Network Infrastructure Config, MCTS - WK8 AD Config, MCTS - WK8 Application Infrastructure Config, MCSA-MS Certified Solutions Associate, MCSE 2K, MCSE 2K8, MCSA 2K, MCSE 2K3, A+, ITILv3, CSA, CQS-FDS, FCNSA, FCNSP, BCNP, CDCSN-DS, BCLE, ACE, CNSS, CNSE, BCLP, CS-CRSFS, HP AIS
Popular Posts
-
When building networks leveraging a variety of products you need to consider interoperability and configuration consistency. When leveraging... -
The topology depicted in the diagrams is used to help demonstrate data flow during failure and to provide discussion around best practices a... -
JunOS separates the control plane and the forwarding (data) plane. The control plane contains the processes that control routing and switchi... -
The flow starts with the initial "Packet Processing" ----> "Security Pre-Policy" ----> "Application" --... -
VLR - (Visitor Location Register) A database of the subscribers who have roamed into the domain of another MNO (Mobile Network Operator/MS...
-
Confirming that local authentication on the switch and ACS is working after you finished your configuration perform the following: Run t... -
If you struggle with what is what in regards to Inside/Outside Local/Global then the following may help. View it from the following perspe... -
Well it is time to buckle down and make it happen in 2014. The goal is to become a dual CCIE by the end of 2014. I have previously passed th...
-
Nexus 7000/5000 SPAN Sessions SPAN Session Limit - 18 Nexus 1000V SPAN Session Limit (SPAN and ERSPAN) - 64 Nexus 5000 SPAN Sessions Can S...
-
Master Selection - High Availability with Fortinet Master (also known as the Primary) is chosen based on the following monitored port ...
2 comments:
DHCP snooping provides a layer of security and ensures rouge DHCP servers cannot offer DHCP services to your clients.
DHCP server on port f0/10
Rouge DHCP server on port f0/11
VLANs used 10 - clients, 20 servers
Must enable DHCP snooping on the switch
ip dhcp snooping
You need to identify which VLANs will be using DHCP snooping
ip dhcp snooping vlan 10,20
Now you have to configure the ports that are trusted to offer DHCP services (All ports are untrusted by default).
interface fa0/10
ip dhcp snooping trust
To allow DHCP relay agent you must allow option 82, this is done with the following command
ip dhcp snooping information option
To rate limit the number of DHCP packets per second use the following command
ip dhcp snooping rate limit (pps)
Use the "show ip dhcp snooping"
IP source guard can be used in combination with DHCP snooping. IP source guard prevents a host from spoofing an IP address that has been issued to a DHCP client. IP source guard can also work with static addresses.
Interface configuration commands
"ip verify source" (checks the IP Address)
"ip verify source binding " (checks the mac address)
"ip verify source port-security" (Checks MAC and IP)
*Must be used with "ip DHCP snooping" global configuration command
Post a Comment