CCNA 200 301 Volume 2 Chapter 8 DHCP
- Slides: 29
CCNA 200 -301, Volume 2 Chapter 8 DHCP Snooping and ARP Inspection
Objectives • Configure Layer 2 security features (DHCP snooping, dynamic ARP inspection, and port security)
DHCP Snooping • Acts like a firewall or an ACL in many ways • Watches for incoming messages on either all ports or some ports • Looks for DHCP messages and ignores all non. DHCP messages • DHCP snooping logic: allow the message or discard the message • Acts off the concept of trusted and untrusted ports for determining which DHCP messages are allowed
DHCP Snooping Basics: Client Ports are Untrusted
DHCP Attack Supplies Good IP Address but Wrong Default Gateway
Unfortunate Result: DHCP Attack Leads to Man-in-the-Middle
Summary of Rules for DHCP Snooping
DHCP Snooping Checks chaddr and Ethernet Source MAC
Legitimate DHCP Client with DHCP Binding Entry Built by DHCP Snooping
DHCP Snooping Defeats a DHCP RELEASE from Another Port
Sample Network Used in DHCP Snooping Configuration Examples
DHCP Snooping Configuration to Match Previous Graphic
SW 2 DHCP Snooping Status
Configuring DHCP Snooping Message Rate Limits
Confirming DHCP Snooping Rate Limits
Legitimate ARP Tables After PC 1 DHCP and ARP with Router R 2
A Detailed Look at ARP Request and Reply
Nefarious Use of ARP Reply Causes Incorrect ARP Data on R 2
Man-in-the-Middle Attack Resulting from Gratuitous ARP
DAI Filtering ARP Based on DHCP Snooping Binding Table
DAI Filtering Checks for Source MAC Addresses
Sample Network Used in ARP Inspection Configuration Examples
IP ARP Inspection Configuration to Match Previous Graphic
IP DHCP Snooping Configuration Added to Support DAI
SW 2 IP ARP Inspection Status
Sample Results from an ARP Attack
Configuring ARP Inspection Message Rate Limits
Confirming ARP Inspection Rate Limits
Configuring Optional DAI Message Checks
- Ccna 200-301 slides
- Ccna 200-301 ppt slides download
- Bootp que es
- 300+200+200+200
- Ccna 3 chapter 1
- What is a function of the data link layer ccna
- Ccna 4 chapter 4
- Modern network security threats
- Ccna 4 chapter 1
- Ccna chapter 7
- Ccna 2 chapter 3
- Ccna chapter 11
- Ccna 1 chapter 4
- Ccna 4 chapter 4
- Ccna 2 chapter 11
- Ccna 4 chapter 5
- Ccna 1 chapter 7
- 200+200+100+100
- 200+400+600+800
- 300 + 300 + 200
- 200 + 200 + 300
- 100 200 300
- 100 200 300
- Drug and alcohol jeopardy
- Ccna
- Ccna 640
- Rip student
- Cisco ccna exploration
- Ccna frame relay
- Intermediary devices