Data Structure
Networking
RDBMS
Operating System
Java
MS Excel
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP
Physics
Chemistry
Biology
Mathematics
English
Economics
Psychology
Social Studies
Fashion Studies
Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
What is DHCP snooping?
Dynamic Host Configuration Protocol (DHCP) is a network management protocol which is used to automate the process of configuring devices on IP networks. Therefore it allows them to use network services like DNS, NTP or any other communication protocol based on UDP or TCP.
DHCP snooping
DHCP snooping is a series of techniques in computer networking, which are applied for improving the security of a DHCP infrastructure.
When DHCP servicers are allocating IP addresses to the client on the LAN, DHCP snooping can be configured on LAN switches in order to prevent malicious or malformed DHCP traffic, or rogue DHCP servers.
Apart from that, the information on hosts that have been successfully completed a DHCP transaction is accrued in a database of "bindings" which may be used by other security or accounting features.
The other features can be DHCP snooping database information for ensuring IP integrity on a Layer 2 switched domain. Such information enables a network to track the physical location of IP addresses when combined with AAA accounting or SNMP (Simple Network Management Protocol).
It ensures that the host only uses the IP addresses assigned to them when combined with source-guard or source-lockdown. It helps to sanitize the Address Resolution Protocol (ARP) requests when combined with ARP-inspection or ARP-protect.
Working of DHCP Snooping
The dynamic host configuration protocol enabled network device without IP address is interact with the DHCP server with four stages as shown in below figure −
DHCP Snooping interfaces on the switch into two categories, which are as follows −
Trusted ports −A trusted port is a port whose DHCP server messages are trusted.
- Untrusted ports − An untrusted port is a port from which DHCP server messages are not trusted.
If the DHCP Snooping is initiated, the DHCP offer message can only be sent through the trusted port. Otherwise, it will be dropped.
455 Views
