Packet Tracer file (PT Version 7.1): https://goo.gl/HzpBDW
Get the Packet Tracer course for only $10 by clicking here: https://goo.gl/vikgKN
Get my ICND1 and ICND2 courses for $10 here: https://goo.gl/XR1xm9 (you will get ICND2 as a free bonus when you buy the ICND1 course).
For lots more content, visit http://www.davidbombal.com – learn about GNS3, CCNA, Packet Tracer, Python, Ansible and much, much more.
#CCNA #PacketTracer #CCENT
DHCP snooping is a Layer 2 security feature that acts like a firewall between untrusted hosts and trusted DHCP servers. The DHCP snooping feature performs the following activities:
• Validates DHCP messages received from untrusted sources and filters out invalid messages (for example, DHCPOFFER or DHCPACK replies arriving on a port where no DHCP server should be).
• Rate-limits DHCP traffic from trusted and untrusted sources.
• Builds and maintains the DHCP snooping binding database, which records, for each untrusted host that has leased an IP address, the MAC address, the IP address, the lease time, the binding type, the VLAN, and the interface.
• Uses the DHCP snooping binding database to validate subsequent requests (such as DHCPRELEASE and DHCPDECLINE) from untrusted hosts.
Other security features, such as dynamic ARP inspection (DAI), also use information stored in the DHCP snooping binding database.
DHCP snooping is enabled on a per-VLAN basis. By default, the feature is inactive on all VLANs. You can enable the feature on a single VLAN or a range of VLANs.
Because the DHCP snooping feature is implemented in software on the route processor (RP), all DHCP messages on enabled VLANs are intercepted by the forwarding hardware (the PFC) and punted to the RP for processing.
Trusted and Untrusted Sources
The DHCP snooping feature determines whether a traffic source is trusted or untrusted. An untrusted source may initiate traffic attacks or other hostile actions. To prevent such attacks, DHCP snooping filters messages and rate-limits traffic from untrusted sources.
In an enterprise network, devices under your administrative control are trusted sources. These include the switches, routers, and servers in your network. Any device beyond the firewall or outside your network is an untrusted source. Host ports and unknown DHCP servers are generally treated as untrusted sources.
A DHCP server that is on your network without your knowledge, attached to an untrusted port, is called a spurious (rogue) DHCP server. A spurious DHCP server is any device that is running a DHCP server, for example a desktop or laptop system with a DHCP server enabled, or a wireless access point that answers DHCP requests on the wired side of your network. If spurious DHCP servers remain undetected, you will have difficulty troubleshooting the resulting network outage. You can detect spurious DHCP servers by sending dummy DHCPDISCOVER packets out to all of the DHCP servers so that every server, legitimate or not, sends a response back to the switch.
In a service provider environment, any device that is not in the service provider network is an untrusted source (such as a customer switch). Host ports are untrusted sources.
In the switch, you indicate that a source is trusted by configuring the trust state of its connecting interface.
The default trust state of all interfaces is untrusted. You must configure the interfaces that face DHCP servers (or the uplink toward them) as trusted. You can also configure other interfaces as trusted if they connect to devices (such as switches or routers) inside your network. You usually do not configure host port interfaces as trusted, because a host port is exactly where a rogue server would appear.
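The following is an added example, written for this page and not Cisco code or part of the Packet Tracer lab. It models the decisions described above: per-port trust state, filtering of server messages on untrusted ports, the client-MAC check, the binding database built from DHCPACKs, validation of DHCPRELEASE/DHCPDECLINE against that database, per-port rate limiting, and the lookup that dynamic ARP inspection performs. Port names, MAC addresses, IP addresses and the frame fields are constructed for the model; a real switch learns the client's port from its MAC address table rather than the simple "pending request" dictionary used here.

```python
"""Model of the checks a DHCP-snooping switch applies to DHCP traffic.

Added, simplified model for illustration; not Cisco code and not from the
Packet Tracer lab. Port names, MACs, IPs and frame fields are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# DHCP message types carried in option 53 (RFC 2132).
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE = 1, 2, 3, 4, 5, 6, 7
SERVER_MSGS = {OFFER, ACK, NAK}          # only a DHCP server sends these


@dataclass
class DhcpFrame:
    in_port: str      # switch port the frame arrived on
    src_mac: str      # Ethernet source address
    msg_type: int     # option 53 value
    chaddr: str       # client hardware address inside the DHCP payload
    ip: str = ""      # yiaddr for OFFER/ACK, ciaddr for RELEASE/DECLINE
    vlan: int = 1


@dataclass
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


class DhcpSnoopingSwitch:
    """Ports not listed as trusted are untrusted, which is the switch default."""

    def __init__(self, trusted_ports, rate_limit_pps=10):
        self.trusted = set(trusted_ports)
        self.rate_limit = rate_limit_pps
        self.bindings = {}               # (client MAC, VLAN) -> Binding
        self.errdisabled = set()
        self._pending = {}               # (client MAC, VLAN) -> port of last request
        self._pps = defaultdict(int)     # DHCP packets seen per port this second

    def tick(self):
        """Advance the clock by one second: rate-limit counters start over."""
        self._pps.clear()

    def process(self, f: DhcpFrame) -> str:
        """Return 'forward' or 'drop:<reason>' for one DHCP frame."""
        key = (f.chaddr, f.vlan)
        if f.in_port in self.errdisabled:
            return "drop:port err-disabled"
        # Rate limiting applies to trusted and untrusted ports alike.
        self._pps[f.in_port] += 1
        if self._pps[f.in_port] > self.rate_limit:
            self.errdisabled.add(f.in_port)
            return "drop:rate limit exceeded, port err-disabled"
        if f.in_port in self.trusted:
            # Server replies on trusted ports are not filtered; a DHCPACK creates
            # the binding for the client port recorded from its DISCOVER/REQUEST.
            if f.msg_type == ACK and key in self._pending:
                self.bindings[key] = Binding(f.chaddr, f.ip, f.vlan, self._pending.pop(key))
            return "forward"
        # Untrusted port: every message is validated.
        if f.msg_type in SERVER_MSGS:
            return "drop:server message from untrusted port (rogue DHCP server)"
        if f.src_mac != f.chaddr:
            return "drop:chaddr does not match source MAC"
        if f.msg_type in (RELEASE, DECLINE):
            b = self.bindings.get(key)
            if b is not None and b.port != f.in_port:
                return "drop:release/decline from a different port than the binding"
            if b is not None:
                del self.bindings[key]       # lease given up: entry removed
            return "forward"
        self._pending[key] = f.in_port       # DISCOVER or REQUEST from a client
        return "forward"

    def arp_is_valid(self, in_port, sender_mac, sender_ip, vlan=1) -> bool:
        """The question dynamic ARP inspection asks of the binding database."""
        if in_port in self.trusted:
            return True
        b = self.bindings.get((sender_mac, vlan))
        return b is not None and b.ip == sender_ip and b.port == in_port


def demo():
    """Constructed exchange: one client, the enterprise server on Gi0/1, a rogue on Fa0/2."""
    sw = DhcpSnoopingSwitch(trusted_ports={"Gi0/1"}, rate_limit_pps=3)
    pc, srv, rogue = "00:00:0c:00:21:a9", "00:00:0c:00:00:01", "00:00:0c:0b:ad:01"
    results = [
        sw.process(DhcpFrame("Fa0/1", pc, DISCOVER, pc)),                      # forward
        sw.process(DhcpFrame("Fa0/2", rogue, OFFER, pc, ip="192.168.1.50")),  # rogue offer dropped
        sw.process(DhcpFrame("Gi0/1", srv, OFFER, pc, ip="10.1.1.10")),       # trusted offer forwarded
        sw.process(DhcpFrame("Fa0/1", pc, REQUEST, pc)),                       # forward
        sw.process(DhcpFrame("Gi0/1", srv, ACK, pc, ip="10.1.1.10")),          # forward, binding created
        sw.process(DhcpFrame("Fa0/3", rogue, RELEASE, pc, ip="10.1.1.10")),    # chaddr mismatch, dropped
        sw.process(DhcpFrame("Fa0/3", pc, RELEASE, pc, ip="10.1.1.10")),       # wrong port, dropped
    ]
    return sw, results


if __name__ == "__main__":
    switch, outcome = demo()
    for line in outcome:
        print(line)
    print(switch.bindings)
```

On a Cisco IOS switch the corresponding configuration is `ip dhcp snooping` globally, `ip dhcp snooping vlan <id>` for the VLANs to protect, `ip dhcp snooping trust` on the interface facing the legitimate DHCP server, and optionally `ip dhcp snooping limit rate <pps>` on host ports; `show ip dhcp snooping` and `show ip dhcp snooping binding` display the trust states and the binding table that this model keeps in `bindings`.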
Transcription:
In this packet tracer lab, you need to configure DHCP snooping.
You need to configure this switch so that DHCP offers and other DHCP messages from the rogue DHCP server are blocked. You want to configure the switch to only trust this DHCP server and not the rogue DHCP server.
At the moment on the PCs, when we use ipconfig, we can see the address that was allocated via DHCP, and we can get another address by using ipconfig /renew.
So that looks good, but notice that once I've done that enough times, an IP address from a different subnet is allocated. The rogue DHCP server is configured with this DHCP pool in the 10.1.1.100 range. The enterprise DHCP server is configured with that pool in the range 10.1.1.0.
So initially, PC 2 received an IP address from the enterprise DHCP server but then received an IP address from the rogue DHCP server.
On PC 1, ipconfig:
this PC has received an IP address from the rogue DHCP server. So when PCs boot up and send a DHCP request, they may receive an IP address from the rogue DHCP server instead of the enterprise DHCP server.
As an example, when I enable simulation mode in Packet Tracer and the PC sends a DHCP request message, that's going to go to the switch as a broadcast. The destination address of the frame is all F's; it's a broadcast address. The destination IP address is broadcast; there's no source IP address at the moment. The source MAC address is this, which is the MAC address of the client; notice it ends in 21A9.
That DHCP message is flooded by the switch, and the DHCP servers will both send messages to the client…
