Have A Good Friday!
You are the network administrator for a company and manage an enterprise network infrastructure with your great team! One day, your phone rings and your troubleshooting session starts!
Clients cannot connect to servers, applications, printers or the internet. You connect to the related network devices and check them, but everything is working. You can ping your servers, printers or Google servers.
Why Can't Clients Connect Anywhere?
While you are checking client computers, you see something very interesting. A client's IP address is 192.168.1.123, but your company's local IP subnet is 10.157.34.0/24. How can that be?
Sorry, Someone Is Spoofing Your DHCP!
DHCP Snooping is a feature that secures your network against unauthorized DHCP servers. If DHCP Snooping is not configured on your switches, any client machine running a DHCP server role can assign addresses from its own configured DHCP pool to your clients. To avoid this, you can configure the DHCP Snooping feature on your switches.
How Does It Work?
DHCP Snooping is configured for the required VLANs, and once it is enabled, the switch treats all of its interfaces as untrusted. This means that DHCP Offer and DHCP Acknowledge packets cannot be sent from these interfaces. DHCP Discover and DHCP Request packets can still be sent. Only trusted interfaces are able to pass DHCP Offer and Acknowledge packets.
The DHCP Snooping feature also builds a DHCP Snooping Database on the switch. In this database, the switch keeps IP-MAC mappings for all of its interfaces. For instance, when your computer gets an IP address from the DHCP server, the switch stores the IP address provided by DHCP, your computer's MAC address and your physical switch interface in its DHCP Snooping Database. The Dynamic ARP Inspection and IP Source Guard features use this database.
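The filtering and binding behaviour described above can be modelled in a few lines of Python. This is an added, simplified example, not a vendor's implementation; the interface names, the MAC address and the 10.157.34.50 lease are constructed, and the rogue 192.168.1.123 offer mirrors the scenario at the top of the post.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK"}          # only DHCP servers send these
CLIENT_MSGS = {"DISCOVER", "REQUEST"}   # only DHCP clients send these

@dataclass
class SnoopingSwitch:
    trusted_ports: set
    client_port: dict = field(default_factory=dict)  # MAC -> port the client was seen on
    bindings: dict = field(default_factory=dict)     # MAC -> (leased IP, client port)
    dropped: list = field(default_factory=list)      # (port, message type, offered IP)

    def receive(self, port, msg_type, client_mac, ip=None):
        """Return True if the DHCP message is forwarded, False if dropped."""
        # Server messages are only accepted on trusted interfaces.
        if msg_type in SERVER_MSGS and port not in self.trusted_ports:
            self.dropped.append((port, msg_type, ip))
            return False
        if msg_type in CLIENT_MSGS:
            # Remember where the client lives so the binding gets its port.
            self.client_port[client_mac] = port
        elif msg_type == "ACK" and client_mac in self.client_port:
            # A trusted ACK completes the lease: record IP, MAC and interface.
            self.bindings[client_mac] = (ip, self.client_port[client_mac])
        return True

def demo():
    # Constructed topology: Gi0/24 is the uplink to the real DHCP server,
    # Gi0/5 is the client, Gi0/7 is an access port with a rogue DHCP server.
    sw = SnoopingSwitch(trusted_ports={"Gi0/24"})
    mac = "00:11:22:33:44:55"
    events = [
        ("Gi0/5", "DISCOVER", mac, None),
        ("Gi0/7", "OFFER", mac, "192.168.1.123"),   # rogue offer, dropped
        ("Gi0/24", "OFFER", mac, "10.157.34.50"),
        ("Gi0/5", "REQUEST", mac, "10.157.34.50"),
        ("Gi0/7", "ACK", mac, "192.168.1.123"),     # rogue ack, dropped
        ("Gi0/24", "ACK", mac, "10.157.34.50"),
    ]
    results = [sw.receive(*event) for event in events]
    return sw, results

if __name__ == "__main__":
    switch, forwarded = demo()
    print("forwarded:", forwarded)
    print("bindings:", switch.bindings)
    print("dropped:", switch.dropped)
```

The `dropped` list is the part worth watching in practice: on a real switch, server messages rejected on an untrusted port identify the interface where the unauthorized DHCP server is connected.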
If you need to know:
- What DHCP is, you can read it here!
- Why you need to use Dynamic ARP Inspection, you can read it here!
- How IP Source Guard protects your network, you can read it here!