Lab 74: Configuring DHCP Snooping

Lab Objective:

The objective of this lab exercise is for you to learn how to implement DHCP snooping in your network to protect your DHCP environment.

Lab Purpose:

DHCP snooping is a switch feature that lets the network trust only the designated DHCP servers, which prevents rogue DHCP servers from handing out malicious information to clients. As a Cisco engineer, and in the Cisco CCNA exam, you will be expected to know how to configure DHCP snooping in your network.

Certification Level:

This lab is suitable for ICND2 and CCNA certification exam preparation.

Lab Difficulty:

This lab has a difficulty rating of 6/10.

Readiness Assessment:

When you are ready for your certification exam, you should complete this lab in no more than 10 minutes.

Lab Topology:

Please use the following topology to complete this lab exercise (LAN belongs to VLAN1):

Note: We will only focus on the switch side of the configuration (the server and clients are already configured). Packet Tracer will let you enable DHCP (and a pool) on a server and allocate the IP address shown. For the client, you can configure it to use DHCP to obtain IP information.

Task 1:

Configure the hostname on Sw1 as illustrated in the topology.

Task 2:

Enable DHCP snooping globally and then on the specific VLAN (1).

Task 3:

Make sure that Sw1 trusts the connection to the DHCP server.

Task 4:

Check the DHCP status by running the following commands:

show ip dhcp snooping
show ip dhcp snooping binding (Use this command after a PC requests an address via DHCP.)

Configuration and Verification

Task 1:

For reference information on configuring hostnames, please refer to earlier labs.

Task 2:

SW1(config)#ip dhcp snooping
SW1(config)#ip dhcp snooping vlan 1

Task 3:

SW1(config)#interface gigabitethernet0/1
SW1(config-if)#ip dhcp snooping trust

Task 4:

SW1#show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs: 1
Insertion of option 82 is enabled 

Interface            Trusted Rate limit (pps)
------------------   ------- ----------------        
Gigabitethernet0/1   yes     unlimited
Gigabitethernet0/2   no      unlimited

SW1#show ip dhcp snooping binding
Option 82 on untrusted port is not allowed 
MacAddress        IpAddress     Lease(sec) Type   VLAN    Interface 
00:12:34:81:21:9A  85545          dynamic  1     Gigabitethernet0/2
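
The Task 4 check can also be automated. The following Python script is an added example, not part of the original lab: it parses `show ip dhcp snooping` output and reports any port that is trusted without being an approved DHCP server port, any required VLAN that snooping does not cover, and a disabled global state. The sample text is constructed from the lab's output, and the function names and policy arguments are assumptions.

```python
import re

# Constructed sample modelled on the lab's Task 4 output (not a live capture).
SAMPLE_OUTPUT = """\
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs: 1
Insertion of option 82 is enabled

Interface            Trusted Rate limit (pps)
------------------   ------- ----------------
Gigabitethernet0/1   yes     unlimited
Gigabitethernet0/2   no      unlimited
"""

def expand_vlans(text):
    """Turn a VLAN list such as '1,10-12' into a set of ints."""
    vlans = set()
    for part in re.findall(r"\d+(?:-\d+)?", text):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_snooping(output):
    """Extract global state, snooped VLANs and per-port trust from the text."""
    state = {"enabled": False, "vlans": set(), "trusted": set(), "untrusted": set()}
    for line in map(str.strip, output.splitlines()):
        if re.fullmatch(r"Switch DHCP snooping is enabled", line, re.I):
            state["enabled"] = True
        elif m := re.match(r"DHCP snooping is configured on following VLANs:(.*)", line, re.I):
            state["vlans"] = expand_vlans(m.group(1))
        elif m := re.fullmatch(r"(\S+)\s+(yes|no)\s+\S+", line, re.I):
            key = "trusted" if m.group(2).lower() == "yes" else "untrusted"
            state[key].add(m.group(1).lower())
    return state

def audit(output, expected_trusted, required_vlans):
    """Hypothetical policy check: an empty list means the policy holds."""
    state = parse_snooping(output)
    expected = {p.lower() for p in expected_trusted}
    findings = []
    if not state["enabled"]:
        findings.append("DHCP snooping is not enabled globally")
    for vlan in sorted(set(required_vlans) - state["vlans"]):
        findings.append(f"VLAN {vlan} is not covered by DHCP snooping")
    for port in sorted(state["trusted"] - expected):
        findings.append(f"{port} is trusted but is not an approved DHCP server port")
    for port in sorted(expected - state["trusted"]):
        findings.append(f"{port} should be trusted but is not")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_OUTPUT, {"GigabitEthernet0/1"}, {1}) or "policy holds")
```

Interface names are compared case-insensitively, so the approved list can use either the spelling from the configuration or the one the switch prints.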

