1
00:00:12,840 --> 00:00:18,930
In this Packet Tracer lab, you need to configure DHCP snooping. You need to configure the switch

2
00:00:19,200 --> 00:00:26,580
so that DHCP offers and other DHCP messages from the rogue DHCP server are blocked.

3
00:00:27,300 --> 00:00:34,830
You want to configure the switch to only trust this DHCP server and not the rogue DHCP server.

4
00:00:36,910 --> 00:00:39,130
At the moment on the PCs,

5
00:00:40,960 --> 00:00:48,340
when we use ipconfig, we can see the address that was allocated via DHCP and we can get another address

6
00:00:48,430 --> 00:00:50,830
by using ipconfig /renew.

7
00:00:52,190 --> 00:00:53,570
So that looks good.

8
00:00:55,820 --> 00:01:03,200
But notice, once I've done that enough times, an IP address from a different subnet is allocated. The

9
00:01:03,200 --> 00:01:04,849
rogue DHCP server

10
00:01:05,890 --> 00:01:11,500
is configured with the DHCP pool in the 10.1.1.100 range.

11
00:01:13,520 --> 00:01:15,560
The Enterprise DHCP server

12
00:01:17,110 --> 00:01:21,520
is configured with a pool in the range 10.1.1.0.

13
00:01:23,440 --> 00:01:31,240
So initially PC 2 received an IP address from the Enterprise DHCP server, but then received an IP

14
00:01:31,240 --> 00:01:33,670
address from the rogue DHCP server.

15
00:01:34,710 --> 00:01:35,730
On PC 1,

16
00:01:37,640 --> 00:01:43,110
ipconfig, this PC has received an IP address from the rogue DHCP server.

17
00:01:44,000 --> 00:01:47,870
So when PCs boot up and send DHCP requests,

18
00:01:49,850 --> 00:01:57,470
they may receive an IP address from the rogue DHCP server instead of the Enterprise DHCP server. As an

19
00:01:57,470 --> 00:02:01,490
example, when I enable simulation mode in Packet Tracer

20
00:02:03,240 --> 00:02:06,450
and the PC sends a DHCP request message,

21
00:02:08,240 --> 00:02:11,480
that's going to go to the switch as a broadcast.

22
00:02:14,790 --> 00:02:21,500
The destination address of the frame is Fs; it's a broadcast address. Destination IP address is broadcast.

23
00:02:22,110 --> 00:02:24,120
There's no source IP address at the moment.

24
00:02:24,780 --> 00:02:26,310
The source MAC address is this,

25
00:02:28,810 --> 00:02:34,960
which is the MAC address of the client, notice ending in 2189.

26
00:02:38,440 --> 00:02:41,230
That DHCP message is flooded by the switch

27
00:02:43,750 --> 00:02:47,770
and the DHCP servers will both send messages to the client.

28
00:02:48,250 --> 00:02:53,200
Here's a message from 10.1.1.200.

29
00:02:54,450 --> 00:02:56,100
That is the enterprise server,

30
00:02:57,370 --> 00:02:58,270
but here

31
00:02:59,470 --> 00:03:03,530
is a message from the rogue DHCP server.

32
00:03:04,060 --> 00:03:06,190
It's also a DHCP message.

33
00:03:08,040 --> 00:03:13,860
So messages from both the DHCP servers are being sent to the client

34
00:03:18,210 --> 00:03:24,540
and both servers will allocate an IP address to the client. Here's the IP address from the enterprise

35
00:03:24,540 --> 00:03:29,670
server and here's a message from the rogue DHCP server.

36
00:03:30,980 --> 00:03:38,000
So those messages will be sent to the client and eventually the client will receive an IP address.

37
00:03:40,440 --> 00:03:47,190
The IP address that was offered by the Enterprise DHCP server is the IP address used by the client,

38
00:03:47,640 --> 00:03:51,750
but that may not hold true in every case.

39
00:03:53,780 --> 00:03:59,120
In this example, notice the client has got an IP address from the rogue DHCP server.

40
00:03:59,990 --> 00:04:07,790
So once again, you need to enable DHCP snooping on this switch so that the switch trusts the Enterprise

41
00:04:07,790 --> 00:04:17,000
DHCP server and not the rogue DHCP server. For verification, use debug to view the results and prove that

42
00:04:17,110 --> 00:04:20,760
DHCP packets are not allowed from the rogue DHCP server.

43
00:04:21,260 --> 00:04:30,170
In other words, use simulation mode to prove that DHCP offers and other messages from the DHCP rogue

44
00:04:30,170 --> 00:04:32,280
server are blocked by the switch.

45
00:04:32,930 --> 00:04:41,000
So can you configure DHCP snooping? Download the Packet Tracer file and see if you can complete

46
00:04:41,090 --> 00:04:42,140
this lab yourself.

47
00:04:42,480 --> 00:04:46,280
Otherwise, watch the next video where I complete the lab.