The objective of this lab exercise is for you to learn how to implement DHCP snooping in your network to protect your DHCP environment.
DHCP snooping is a feature that enables a network to trust only the required DHCP servers in the network to prevent rogue DHCP servers from providing malicious information. As a Cisco engineer, as well as in the Cisco CCNA exam, you will be expected to know how to configure DHCP snooping in your network.
This lab is suitable for ICND2 and CCNA certification exam preparation.
This lab has a difficulty rating of 6/10.
When you are ready for your certification exam, you should complete this lab in no more than 10 minutes.
Please use the following topology to complete this lab exercise (LAN 192.168.1.0/24 belongs to VLAN1):
Note: We will only focus on the switch side of the configuration (the server and clients are already configured). Packet Tracer will let you enable DHCP (and a pool) on a server and allocate the IP address shown. For the client, you can configure it to use DHCP to obtain IP information.
Configure the hostnames on Sw1 as illustrated in the topology.
Enable DHCP snooping globally and then on the specific VLAN (1).
Make sure that Sw1 trusts the connection to the DHCP server.
Check the DHCP status by running the following commands:
show ip dhcp snooping
show ip dhcp snooping binding (Use this command after a PC requests an address via DHCP.)
Configuration and Verification
For reference information on configuring hostnames, please refer to earlier labs.
SW1(config)#ip dhcp snooping SW1(config)#ip dhcp snooping vlan1
SW1(config)#interface gigabithethernet0/1 SW1(config-if)#ip dhcp snooping trust
SW1#show ip dhcp snooping Switch DHCP snooping is enabled DHCP snooping is configured on following VLANs: 1 Insertion of option 82 is enabled Interface Trusted Rate limit (pps) ------------------ ------- ---------------- Gigabitethernet0/1 yes unlimited Gigabitethernet0/2 no unlimited SW1#show ip dhcp snooping binding Option 82 on untrusted port is not allowed MacAddress IpAddress Lease(sec) Type VLAN Interface 00:12:34:81:21:9A 192.168.1.10 85545 dynamic 1 Gigabitethernet0/2