CCNA LAB 74: Configuring DHCP Snooping

小乔

Lab Objective:
The objective of this lab exercise is for you to learn how to implement DHCP snooping in your network to protect your DHCP environment.


Lab Purpose:
DHCP snooping is a feature that enables a network to trust only the required DHCP servers in the network to prevent rogue DHCP servers from providing malicious information. As a Cisco engineer, as well as in the Cisco CCNA exam, you will be expected to know how to configure DHCP snooping in your network.

Certification Level:
This lab is suitable for ICND2 and CCNA certification exam preparation.

Lab Difficulty:
This lab has a difficulty rating of 6/10.

Readiness Assessment:
When you are ready for your certification exam, you should complete this lab in no more than 10 minutes.

Lab Topology:
Please use the following topology to complete this lab exercise (LAN 192.168.1.0/24 belongs to VLAN1):




Note: We will only focus on the switch side of the configuration (the server and clients are already configured). Packet Tracer will let you enable DHCP (and a pool) on a server and allocate the IP address shown. For the client, you can configure it to use DHCP to obtain IP information.

Task 1:
Configure the hostnames on Sw1 as illustrated in the topology.

Task 2:
Enable DHCP snooping globally and then on the specific VLAN (1).


Task 3:
Make sure that Sw1 trusts the connection to the DHCP server.

Task 4:
Check the DHCP status by running the following commands:

show ip dhcp snooping
show ip dhcp snooping binding (Use this command after a PC requests an address via DHCP.)

Configuration and Verification
Task 1:
For reference information on configuring hostnames, please refer to earlier labs.


Task 2:
SW1(config)#ip dhcp snooping
SW1(config)#ip dhcp snooping vlan1
Task 3:
SW1(config)#interface gigabithethernet0/1
SW1(config-if)#ip dhcp snooping trust
Task 4:
SW1#show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs: 1
Insertion of option 82 is enabled

Interface            Trusted Rate limit (pps)
------------------   ------- ----------------        
Gigabitethernet0/1   yes     unlimited
Gigabitethernet0/2   no      unlimited
SW1#show ip dhcp snooping binding
Option 82 on untrusted port is not allowed
MacAddress        IpAddress     Lease(sec) Type   VLAN    Interface
00:12:34:81:21:9A    192.168.1.10  85545          dynamic  1     G


来源: CCNA LAB 69: Assigning Multiple Instances to a VLAN Simultaneously
来源: CCNA LAB 70: Configuring Spanning Tree Protocol for Access Ports (PortFast)
来源: CCNA LAB 71: Enabling Rapid Per-VLAN Spanning Tree
来源: CCNA LAB 72: Configure, Verify, and Troubleshoot EtherChannels (Static/PAgP/L...
来源: CCNA LAB 73: Configuring 802.1X Security