3 dhcp snooping typical application, Dhcp, Nooping – PLANET WGSW-50040 User Manual

19-5

debug ip dhcp snooping packet

debug ip dhcp snooping event

debug ip dhcp snooping update

debug ip dhcp snooping binding

Please refer to the chapter on system

troubleshooting.

19.3 DHCP Snooping Typical Application

Figure 19-1 Sketch Map of TRUNK

As showed in the above chart, Mac-AA device is the normal user, connected to the non-trusted port 1/1 of the

switch. It operates via DHCP Client, IP 1.1.1.5; DHCP Server and GateWay are connected to the trusted ports

1/11 and 1/12 of the switch; the malicious user Mac-BB is connected to the non-trusted port 1/10, trying to

fake a DHCP Server（by sending DHCPACK）. Setting DHCP Snooping on the switch will effectively detect

and block this kind of network attack.

Configuration sequence is:

switch#

switch#config

switch(config)#ip dhcp snooping enable

switch(config)#interface ethernet 1/11

switch(Config-If-Ethernet1/11)#ip dhcp snooping trust

switch(Config-If-Ethernet1/11)#exit

switch(config)#interface ethernet 1/12

switch(Config-If-Ethernet1/12)#ip dhcp snooping trust

switch(Config-If-Ethernet1/12)#exit

switch(config)#interface ethernet 1/1-10

switch(Config-Port-Range)#ip dhcp snooping action shutdown

switch(Config-Port-Range)#