DHCP snooping

In computer networking, DHCP snooping is a series of techniques applied to improve the security of a DHCP infrastructure.[1]

When DHCP servers are allocating IP addresses to the clients on the LAN, DHCP snooping can be configured on LAN switches to allow only clients with specific IP and MAC addresses to have access to the network.

DHCP snooping can ensure IP integrity on a Layer 2 switched domain. It works with information from a DHCP server to:

  • Track the physical location of hosts.
  • Ensure that hosts only use the IP addresses assigned to them.
  • Ensure that only authorized DHCP servers are accessible.

With DHCP snooping, the information about IP addresses and corresponding MAC addresses is stored in a database on the network switch. Packets from clients that do not match the stored information will be dropped.[2]

The DHCP snooping database is sometimes also used by other security features, such as IP source guard and dynamic ARP inspection, which makes it a central component of LAN access security.[1]

DHCP snooping can also prevent attackers from adding their own DHCP servers to the network, which would otherwise cause the network to malfunction and allow further unauthorized components to be added.
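
The binding database and the blocking of unauthorized DHCP servers described above can be modelled in a short Python sketch. This is an added example, not code from the article or from any switch vendor; the trusted/untrusted port split, the port names, and the MAC and IP addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # message types only a DHCP server sends

@dataclass(frozen=True)
class Binding:
    ip: str
    port: str
    expires: int  # absolute time (seconds) at which the lease ends

class SnoopingSwitch:
    """Simplified model of a snooping switch (not a vendor implementation)."""
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # ports facing authorized DHCP servers
        self.pending = {}                  # client MAC -> port its request arrived on
        self.bindings = {}                 # client MAC -> Binding

    def on_dhcp(self, port, msg_type, mac, now, yiaddr=None, lease=0):
        """Return 'forward' or 'drop' for a DHCP message received on `port`."""
        if msg_type in SERVER_MSGS:
            if port not in self.trusted:
                return "drop"  # server reply on an untrusted port: unauthorized server
            if msg_type == "ACK" and mac in self.pending:
                self.bindings[mac] = Binding(yiaddr, self.pending.pop(mac), now + lease)
        else:  # client message (DISCOVER, REQUEST): note where the host is attached
            self.pending[mac] = port
        return "forward"

    def on_ip_packet(self, port, src_mac, src_ip, now):
        """Check data traffic from an untrusted port against the binding table."""
        if port in self.trusted:
            return "forward"
        b = self.bindings.get(src_mac)
        ok = b is not None and (b.ip, b.port) == (src_ip, port) and now < b.expires
        return "forward" if ok else "drop"

def demo():
    sw = SnoopingSwitch(trusted_ports={"uplink"})
    host = "02:00:00:00:00:01"  # constructed client MAC
    return [
        sw.on_dhcp("port1", "DISCOVER", host, now=0),
        sw.on_dhcp("port7", "OFFER", host, now=1, yiaddr="192.0.2.66"),  # unauthorized server
        sw.on_dhcp("port1", "REQUEST", host, now=2),
        sw.on_dhcp("uplink", "ACK", host, now=2, yiaddr="192.0.2.10", lease=3600),
        sw.on_ip_packet("port1", host, "192.0.2.10", now=10),    # matches the binding
        sw.on_ip_packet("port1", host, "192.0.2.99", now=10),    # address never assigned
        sw.on_ip_packet("port7", host, "192.0.2.10", now=10),    # right pair, wrong port
        sw.on_ip_packet("port1", host, "192.0.2.10", now=4000),  # lease has expired
    ]
```

Only the server reply seen on the trusted port creates a binding, so a host that never completed a lease, or that moves ports or changes address, fails the data-plane check.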
