Professional Documents
Culture Documents
ACFrOgC B3yylYbk-of8x9 YBdxTjBNXvzCxp9LvWXGHScoJpHvAMJn6yALLe4KudqsbAIxDehvisq2kVPPrgKfnPFxzTggnyAZpSCw5LaprghnbTetGV4WGC-NRyGJt0wc 29SQvYTJfVisTAky
ACFrOgC B3yylYbk-of8x9 YBdxTjBNXvzCxp9LvWXGHScoJpHvAMJn6yALLe4KudqsbAIxDehvisq2kVPPrgKfnPFxzTggnyAZpSCw5LaprghnbTetGV4WGC-NRyGJt0wc 29SQvYTJfVisTAky
com/shahinazelkasrawy
Chapter #7
Volume #2
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
Implementing DHCP
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
In This Chapter
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
• the vast majority of user devices learn their IPv4 settings using
DHCP
• resulting in fewer user errors.
• DHCP allows both the permanent assignment of host addresses,
but more commonly, DHCP assigns a temporary lease of IP
addresses
• Without DHCP, the user would have to ask for information about
the local network and configure settings manually
4
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
DHCP Concepts
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
“ ▪ This feature, by
which a router relays
DHCP messages by
changing the IP
addresses in the
packet header, is
called DHCP relay.
10
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
11
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
IP Helper Address for the Offer Message Returned from the DHCP Server
12
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
14
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
• The CCNA 200-301 exam blueprint does not mention the DHCP
server function
16
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
17
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
18
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
19
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
20
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
21
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
22
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
23
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
24
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
Chapter #8
Volume #2
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
In This Chapter
27
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
DHCP SNOOPING
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
30
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
Rules
31
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
33
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
34
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
35
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
36
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
37
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
38
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
39
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
Insertion of option 82
40
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
41
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
42
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
“ ▪ feature on a switch
examines incoming
ARP messages on
untrusted ports to
filter those it believes
to be part of an
attack.
45
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
47
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
48
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
49
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
50
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
51
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
52
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
53
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
54
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
55
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
56
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
57
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
58
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
59
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
60
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
61
www.facebook.com/eng.shahinaz
www.youtube.com/shahinazelkasrawy
62
www.facebook.com/eng.shahinaz
IP ARP Inspection Configuration Summary www.youtube.com/shahinazelkasrawy
• Step 1. Use the ip arp inspection vlan vlan-list global command to enable Dynamic ARP Inspection (DAI)
on the switch for the specified VLANs.
• Step 2. Separate from the DAI configuration, also configure DHCP Snooping and/or ARP ACLs for use by
DAI.
• Step 3. Configure the ip arp inspection trust interface subcommand to override the default setting of not
trusted.
• Step 4. (Optional): Configure DAI rate limits and err-disabled recovery: SW2(config)# ip arp inspection
validate src-mac SW2(config)# ^Z SW2# SW2# show ip arp inspection Source Mac Validation : Enabled
Destination Mac Validation : Disabled IP Address Validation : Disabled
▫ Step A. (Optional): Configure the ip arp inspection limit rate number [burst interval seconds]
interface subcommand to set a limit of ARP messages per second, or ARP messages for each
configured interval.
▫ Step B. (Optional): Configure the ip arp inspection limit rate none interface subcommand to disable
rate limits.
▫ Step C. (Optional): Configure the errdisable recovery cause arpinspection global command to
enable the feature of automatic recovery from err-disabled mode, assuming the switch placed the port
in err-disabled state because of exceeding DAI rate limits.
▫ Step D. (Optional): Configure the errdisable recovery interval seconds global commands to set the 63
time to wait before recovering from an interface err-disabled state (regardless of the cause of the
www.facebook.com/eng.shahinaz
err-disabled state).
www.youtube.com/shahinazelkasrawy
Good Luck ☺
Eng. Shahinaz Elkasrawy
www.facebook.com/eng.shahinaz