Lab Objective:
The objective of this lab exercise is for you to learn how to implement DHCP snooping in your network to protect your DHCP environment.
Lab Purpose:
DHCP snooping is a feature that lets the network trust only the designated DHCP servers, which prevents rogue DHCP servers from providing malicious information to clients. Both as a Cisco engineer and in the Cisco CCNA exam, you will be expected to know how to configure DHCP snooping in your network.
Certification Level:
This lab is suitable for ICND2 and CCNA certification exam preparation.
Lab Difficulty:
This lab has a difficulty rating of 6/10.
Readiness Assessment:
When you are ready for your certification exam, you should complete this lab in no more than 10 minutes.
Lab Topology:
Please use the following topology to complete this lab exercise (LAN 192.168.1.0/24 belongs to VLAN1):
Note: We will only focus on the switch side of the configuration (the server and clients are already configured). Packet Tracer will let you enable DHCP (and a pool) on a server and allocate the IP address shown. For the client, you can configure it to use DHCP to obtain IP information.
Task 1:
Configure the hostname on Sw1 as illustrated in the topology.
Task 2:
Enable DHCP snooping globally and then on the specific VLAN (1).
Task 3:
Make sure that Sw1 trusts the connection to the DHCP server.
Task 4:
Check the DHCP status by running the following commands:
show ip dhcp snooping
show ip dhcp snooping binding (Use this command after a PC requests an address via DHCP.)
Configuration and Verification
Task 1:
For reference information on configuring hostnames, please refer to earlier labs.
Task 2:
SW1(config)#ip dhcp snooping
SW1(config)#ip dhcp snooping vlan 1
Task 3:
SW1(config)#interface gigabitethernet0/1
SW1(config-if)#ip dhcp snooping trust
Task 4:
SW1#show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1
Insertion of option 82 is enabled
Interface                  Trusted     Rate limit (pps)
------------------         -------     ----------------
Gigabitethernet0/1         yes         unlimited
Gigabitethernet0/2         no          unlimited
SW1#show ip dhcp snooping binding
Option 82 on untrusted port is not allowed
MacAddress          IpAddress       Lease(sec)  Type     VLAN  Interface
00:12:34:81:21:9A   192.168.1.10    85545       dynamic  1     Gigabitethernet0/2
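The Task 4 check can be scripted so that an unexpected trusted port is caught automatically. The Python script below is an added example, not part of the original lab; its function names, the SAMPLE text (constructed from the output above) and the approved-port list are assumptions.

```python
import re

# Constructed sample: the Task 4 "show ip dhcp snooping" output from this lab.
SAMPLE = """\
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
1
Insertion of option 82 is enabled
Interface                  Trusted     Rate limit (pps)
------------------         -------     ----------------
Gigabitethernet0/1         yes         unlimited
Gigabitethernet0/2         no          unlimited
"""

ROW = re.compile(r"^(\S+\d+/\d+)\s+(yes|no)\s+(\S+)$", re.I)  # name, trusted, rate

def expand_vlans(spec):
    """Expand a VLAN list such as '1,10-12' into a set of integers."""
    return {v for lo, hi in re.findall(r"(\d+)(?:-(\d+))?", spec)
            for v in range(int(lo), int(hi or lo) + 1)}

def parse_snooping(text):
    """Return global state, snooped VLANs and per-port (trusted, rate)."""
    state = {"ports": {}}
    state["enabled"] = bool(
        re.search(r"^Switch DHCP snooping is enabled\s*$", text, re.I | re.M))
    # The VLAN list follows the colon on the same line or on the next one.
    m = re.search(r"configured on following VLANs:\s*([\d,\- ]*)", text, re.I)
    state["vlans"] = expand_vlans(m[1]) if m else set()
    for line in text.splitlines():
        if (r := ROW.match(line.strip())):
            state["ports"][r[1].lower()] = (r[2].lower() == "yes", r[3])
    return state

def audit(text, vlan, allowed_trusted):
    """List deviations from the lab's intended state; empty means compliant."""
    s, findings = parse_snooping(text), []
    if not s["enabled"]:
        findings.append("DHCP snooping is not enabled globally")
    if vlan not in s["vlans"]:
        findings.append(f"VLAN {vlan} is not snooped")
    allowed = {p.lower() for p in allowed_trusted}
    trusted = {p for p, (is_trusted, _) in s["ports"].items() if is_trusted}
    findings += [f"{p} is trusted but is not an approved DHCP server port"
                 for p in sorted(trusted - allowed)]
    findings += [f"{p} should be trusted but is not" for p in sorted(allowed - trusted)]
    return findings
```

Calling audit(SAMPLE, 1, ["GigabitEthernet0/1"]) returns an empty list for the lab's finished configuration; any trusted port outside the approved list is reported as a finding.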