3 dhcp snooping troubleshooting help, 1 monitor and debug information, Dhcp – QTECH QSW-3400 Инструкция по настройке User Manual

+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1

269

Sketch Map of TRUNK

As showed in the above chart, Mac-AA device is the normal user, connected to the non-trusted

port 1/1 of the switch. It operates via DHCP Client, IP 1.1.1.5; DHCP Server and GateWay are

connected to the trusted ports 1/11 and 1/12 of the switch; the malicious user Mac-BB is

connected to the non-trusted port 1/10, trying to fake a DHCP Server(by sending DHCPACK).

Setting DHCP Snooping on the switch will effectively detect and block this kind of network

attack.

Configuration sequence is:
switch#
switch#config
switch(config)#ip dhcp snooping enable
switch(config)#interface ethernet 1/11
switch(Config-Ethernet1/11)#ip dhcp snooping trust
switch(Config-Ethernet1/11)#exit
switch(config)#interface ethernet 1/12
switch(Config-Ethernet1/12)#ip dhcp snooping trust
switch(Config-Ethernet1/12)#exit
switch(config)#interface ethernet 1/1-10
switch(Config-Port-Range)#ip dhcp snooping action shutdown
switch(Config-Port-Range)#

34.3 DHCP Snooping Troubleshooting Help

34.3.1 Monitor and Debug Information

The “debug ip dhcp snooping” command can be used to monitor the debug information.