CCNA LAB 74: Configuring DHCP Snooping
本帖最后由 小乔 于 2022-12-26 15:46 编辑Lab Objective:
The objective of this lab exercise is for you to learn how to implement DHCP snooping in your network to protect your DHCP environment.
Lab Purpose:
DHCP snooping is a feature that enables a network to trust only the required DHCP servers in the network to prevent rogue DHCP servers from providing malicious information. As a Cisco engineer, as well as in the Cisco CCNA exam, you will be expected to know how to configure DHCP snooping in your network.
Certification Level:
This lab is suitable for ICND2 and CCNA certification exam preparation.
Lab Difficulty:
This lab has a difficulty rating of 6/10.
Readiness Assessment:
When you are ready for your certification exam, you should complete this lab in no more than 10 minutes.
Lab Topology:
Please use the following topology to complete this lab exercise (LAN 192.168.1.0/24 belongs to VLAN1):
Note: We will only focus on the switch side of the configuration (the server and clients are already configured). Packet Tracer will let you enable DHCP (and a pool) on a server and allocate the IP address shown. For the client, you can configure it to use DHCP to obtain IP information.
Task 1:
Configure the hostnames on Sw1 as illustrated in the topology.
Task 2:
Enable DHCP snooping globally and then on the specific VLAN (1).
Task 3:
Make sure that Sw1 trusts the connection to the DHCP server.
Task 4:
Check the DHCP status by running the following commands:
show ip dhcp snooping
show ip dhcp snooping binding (Use this command after a PC requests an address via DHCP.)
Configuration and Verification
Task 1:
For reference information on configuring hostnames, please refer to earlier labs.
Task 2:
SW1(config)#ip dhcp snooping
SW1(config)#ip dhcp snooping vlan1
Task 3:
SW1(config)#interface gigabithethernet0/1
SW1(config-if)#ip dhcp snooping trust
Task 4:
SW1#show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs: 1
Insertion of option 82 is enabled
Interface Trusted Rate limit (pps)
------------------ ------- ----------------
Gigabitethernet0/1 yes unlimited
Gigabitethernet0/2 no unlimited
SW1#show ip dhcp snooping binding
Option 82 on untrusted port is not allowed
MacAddress IpAddress Lease(sec) Type VLAN Interface
00:12:34:81:21:9A 192.168.1.1085545 dynamic1 G
来源: CCNA LAB 69: Assigning Multiple Instances to a VLAN Simultaneously
来源: CCNA LAB 70: Configuring Spanning Tree Protocol for Access Ports (PortFast)
来源: CCNA LAB 71: Enabling Rapid Per-VLAN Spanning Tree
来源: CCNA LAB 72: Configure, Verify, and Troubleshoot EtherChannels (Static/PAgP/L...
来源: CCNA LAB 73: Configuring 802.1X Security {:6_267:}{:6_267:}{:6_267:}{:6_267:}
页:
[1]