What is DHCP Snooping and How Does It Work?


In this blog, we will discuss DHCP snooping in detail. Sometimes a user's device can end up with an illegitimate IP address handed out by a rogue DHCP server. This is where DHCP snooping comes into play: it prevents a host from accepting an address offered by an untrustworthy DHCP server.

In other words, DHCP snooping is a security feature available on Cisco switches that helps protect against attacks that take advantage of DHCP. It is part of the CCNA course syllabus under ‘configure layer 2 security features’.

We will cover what is DHCP snooping, how it works, the common attacks prevented by DHCP snooping, and DHCP snooping configuration. Let us begin covering all these topics one by one in detail.

In the previous blog of our CCNA 200-301 series, we talked about Port Security in networking. I recommend you go through it before you jump to this blog.

Stick till the end to grasp all these important concepts!

What is DHCP Snooping?

Let’s now go over the basics of DHCP snooping.

DHCP snooping is a security feature of switches that filters DHCP messages received on untrusted ports. Note that DHCP snooping only filters DHCP messages; any other, non-DHCP message is not affected.

The following are the key features of DHCP snooping:

  • All ports are untrusted by default. It is up to you to configure which ports will be trusted.
  • In a typical design, the uplink ports (toward the DHCP server) are configured as trusted ports, whereas the downlink ports (toward end hosts) are left untrusted. The latter remain untrusted because a malicious user can launch a DHCP-based attack from any device plugged into one of them.

For example, if an end host in a network wants an IP address, it obtains one from a DHCP server, possibly through a relay agent. Since the downlink ports on the switches (pointing toward the end hosts) are untrusted, the network administrator must configure the uplink ports (pointing toward the DHCP server) as trusted ports.

  • DHCP snooping does not inspect any messages on trusted ports; the switch forwards them as normal. The ports that point away from the end hosts toward the network infrastructure are the uplink ports.
  • The DHCP server's reply to the user's DHCP message therefore enters the switch on a trusted uplink port and is forwarded on to the user.

How Does DHCP Snooping Work?

In order to understand how DHCP snooping works, it is very important for you to understand how a DHCP server works in the first place. 

When DHCP is enabled, a network device without an IP address obtains one from the DHCP server in four stages:

  • Discovery stage
  • Offer stage
  • Request stage
  • Acknowledgment stage

We have already discussed these stages in our DHCP blog. Make sure to read it before you learn DHCP snooping.

As the example above shows, once DHCP snooping is enabled, a DHCP Offer message is only accepted if it arrives on a trusted port. Otherwise, it is dropped.

After the offer stage, a DHCP binding table entry is created on the basis of the DHCP ACK message in the acknowledgment stage. The following fields are recorded in the DHCP binding table:

  • MAC address of the host
  • The leased IP address from the DHCP server
  • The binding type
  • The VLAN number
  • Interface information related to the host

If a later DHCP packet received from a host on an untrusted port does not match the information in the binding table, it is dropped.
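The rules from the two sections above (trusted vs. untrusted ports, and the binding table built from the ACK) can be seen working together in the following small model. It is an added example written for this blog, not code from Cisco or from the original post. Port names, MAC addresses and IP addresses are constructed samples; the check that the frame's source MAC matches the chaddr field models the MAC-address verification that Cisco switches perform by default on untrusted ports.

```python
"""Added example, not from the original blog: a model of the DHCP snooping rules
the text describes. Server replies (Offer/Ack/Nak) are accepted only on trusted
ports, an Ack seen on a trusted port creates a binding entry, and later client
messages on untrusted ports must match that entry. The MAC check (frame source
vs. chaddr) models the mac-address verification Cisco switches perform by
default. Ports, MACs and addresses below are constructed sample values."""
from dataclasses import dataclass
from typing import Dict, List, Set

SERVER_TYPES = {"OFFER", "ACK", "NAK"}          # only a DHCP server sends these


@dataclass
class DhcpMessage:
    mtype: str
    src_mac: str          # Ethernet source address of the frame
    chaddr: str           # client hardware address inside the DHCP header
    ip: str = "0.0.0.0"   # yiaddr for OFFER/ACK, ciaddr for RELEASE/DECLINE
    vlan: int = 1


@dataclass
class Binding:            # the fields the text lists for the binding table
    mac: str
    ip: str
    binding_type: str
    vlan: int
    interface: str


class SnoopingSwitch:
    def __init__(self, trusted_ports: Set[str]) -> None:
        self.trusted = set(trusted_ports)        # every other port is untrusted
        self.bindings: Dict[str, Binding] = {}   # keyed by client MAC
        self.pending: Dict[str, str] = {}        # chaddr -> untrusted port it asked from
        self.log: List[str] = []

    def inspect(self, port: str, msg: DhcpMessage) -> bool:
        """Return True if the switch forwards the DHCP message, False if it drops it."""
        if port in self.trusted:
            if msg.mtype == "ACK" and msg.chaddr in self.pending:
                # learn the lease the real server granted; record the client's port
                self.bindings[msg.chaddr] = Binding(
                    msg.chaddr, msg.ip, "dhcp-snooping", msg.vlan, self.pending.pop(msg.chaddr))
            return True                                   # trusted: no inspection
        if msg.mtype in SERVER_TYPES:
            return self._drop(port, msg, "server message on untrusted port")
        if msg.src_mac != msg.chaddr:
            return self._drop(port, msg, "frame source MAC does not match chaddr")
        if msg.mtype in ("DISCOVER", "REQUEST"):
            self.pending[msg.chaddr] = port
            return True
        b = self.bindings.get(msg.chaddr)                 # RELEASE/DECLINE must match a binding
        if b is None or (b.ip, b.vlan, b.interface) != (msg.ip, msg.vlan, port):
            return self._drop(port, msg, "no matching binding")
        return True

    def _drop(self, port: str, msg: DhcpMessage, why: str) -> bool:
        self.log.append(f"drop {msg.mtype} on {port} from {msg.src_mac}: {why}")
        return False


def demo() -> dict:
    """Constructed exchange: Gi0/0 is the uplink to the real server, Gi0/1 a host,
    Gi0/2 a port where a rogue device sits."""
    sw = SnoopingSwitch(trusted_ports={"Gi0/0"})
    host, rogue, server = "00:11:22:33:44:aa", "00:11:22:33:44:ee", "00:aa:bb:cc:dd:01"
    r = {}
    r["discover"] = sw.inspect("Gi0/1", DhcpMessage("DISCOVER", host, host))
    r["rogue_offer"] = sw.inspect("Gi0/2", DhcpMessage("OFFER", rogue, host, "10.0.0.99"))
    r["real_offer"] = sw.inspect("Gi0/0", DhcpMessage("OFFER", server, host, "10.0.0.50"))
    r["request"] = sw.inspect("Gi0/1", DhcpMessage("REQUEST", host, host))
    r["ack"] = sw.inspect("Gi0/0", DhcpMessage("ACK", server, host, "10.0.0.50"))
    r["spoofed_release"] = sw.inspect("Gi0/2", DhcpMessage("RELEASE", rogue, rogue, "10.0.0.50"))
    r["real_release"] = sw.inspect("Gi0/1", DhcpMessage("RELEASE", host, host, "10.0.0.50"))
    r["binding"] = sw.bindings.get(host)
    r["log"] = sw.log
    return r


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running the demo forwards the host's Discover, Request and later Release, drops the Offer that came in on the untrusted port Gi0/2, and drops the Release for 10.0.0.50 sent from a port and MAC that do not match the binding entry learned from the real server's ACK.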

What are the Common Attacks Prevented by DHCP Snooping?

Let us now discuss a couple of examples of DHCP-based attacks that DHCP snooping can prevent.

DHCP Starvation:

  • It is also called a DHCP exhaustion attack.
  • In such an attack, the attacker floods the server with DHCP Discover messages, i.e., the messages a client sends to request an IP address, each carrying a different spoofed source MAC address.
  • The target server’s DHCP pool fills up, which results in a Denial-of-Service (DoS) for other devices.
  • Those devices are then unable to obtain an IP address from the server.

DHCP Poisoning/Spoofing Attack (Man-in-the-Middle):

  • DHCP poisoning can be used to perform a Man-in-the-Middle attack.
  • A fake DHCP server replies to a client’s DHCP discover messages and assigns them an IP address, but makes the client use the fake/rogue server’s IP as the default gateway.
  • The client usually accepts the first offer message they receive.
  • This will cause the client to send traffic to the attacker instead of the real default gateway.
  • The attacker can then modify or examine the traffic before forwarding it to the real default gateway.
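Both attack patterns leave a footprint a switch or a monitoring script can spot: a starvation attempt shows up as many different client MACs sending Discover on one port in a short time, and a rogue server shows up as an Offer entering on a port that is not the trusted uplink. The following detection logic is an added example written for this blog, not code from the original post or from Cisco. The log line format (t=, port=, type=, src=) is an assumption made for the example, and the sample traffic is constructed.

```python
"""Added example, not from the original blog: detection logic for the two
attacks described above, run over constructed sample log lines. The log
format (t=, port=, type=, src=) is an assumption made for this example, not
any vendor's syslog format. A port that sources DISCOVERs from many distinct
MAC addresses within a short window is flagged as a starvation attempt, and an
OFFER/ACK/NAK that enters on a port other than the trusted uplink is flagged
as a rogue server."""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Set, Tuple


def make_sample_log() -> List[str]:
    """Constructed traffic: one normal host on Gi0/1, the real server on Gi0/0,
    a burst of spoofed DISCOVERs on Gi0/3 and a rogue OFFER on Gi0/2."""
    lines = ["t=0.00 port=Gi0/1 type=DISCOVER src=00:11:22:33:44:aa",
             "t=0.10 port=Gi0/0 type=OFFER src=00:aa:bb:cc:dd:01"]
    for i in range(12):   # 12 different client MACs within about a tenth of a second
        lines.append(f"t={0.20 + 0.01 * i:.2f} port=Gi0/3 type=DISCOVER "
                     f"src=02:00:00:00:00:{i + 1:02x}")
    lines.append("t=0.40 port=Gi0/2 type=OFFER src=00:11:22:33:44:ee")
    return lines


def parse_line(line: str) -> Tuple[float, str, str, str]:
    kv = dict(token.split("=", 1) for token in line.split())
    return float(kv["t"]), kv["port"], kv["type"], kv["src"]


def detect(lines: List[str], trusted: Set[str],
           window: float = 1.0, max_macs: int = 10) -> List[str]:
    """Return one alert per suspicious port, in the order the evidence appeared."""
    alerts: List[str] = []
    recent: Dict[str, Deque[Tuple[float, str]]] = defaultdict(deque)  # port -> recent DISCOVERs
    flagged: Set[str] = set()
    for line in lines:
        t, port, mtype, mac = parse_line(line)
        if mtype in ("OFFER", "ACK", "NAK") and port not in trusted:
            alerts.append(f"rogue-server: {mtype} from {mac} entered on untrusted port {port}")
        elif mtype == "DISCOVER":
            q = recent[port]
            q.append((t, mac))
            while q and t - q[0][0] > window:       # keep only the sliding window
                q.popleft()
            distinct = {m for _, m in q}
            if len(distinct) >= max_macs and port not in flagged:
                flagged.add(port)
                alerts.append(f"starvation: {len(distinct)} distinct client MACs sent DISCOVER "
                              f"on {port} within {window}s")
    return alerts


if __name__ == "__main__":
    for alert in detect(make_sample_log(), trusted={"Gi0/0"}):
        print(alert)
```

With the constructed log, the script raises exactly two alerts: a starvation alert for Gi0/3 once the tenth distinct MAC appears, and a rogue-server alert for the Offer that entered on Gi0/2. On a Cisco switch the equivalent of the first check is a per-interface DHCP packet rate limit (ip dhcp snooping limit rate), which err-disables a port that exceeds it; the second check is exactly what the trusted/untrusted port rule enforces.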

How is DHCP Snooping Configured?

Let us now go over some basic DHCP snooping configurations.

To enable DHCP snooping globally on the switch (switch no. 2), the following command is run:

SW2(config)#ip dhcp snooping

But this is not enough. Enabling it globally does nothing by itself; DHCP snooping must also be enabled on the VLAN(s) whose DHCP traffic the switch should inspect, here VLAN 1:

SW2(config)#ip dhcp snooping vlan 1

Then the insertion of DHCP option 82 (relay agent information) is turned off with the no ip dhcp snooping information option command. This step is not strictly necessary; whether you need it depends on the network design.

SW2(config)#no ip dhcp snooping information option

Finally, the uplink port of the switch (interface G0/0) is configured as a trusted port:

SW2(config)#interface g0/0

SW2(config-if)#ip dhcp snooping trust

As discussed before, all ports are untrusted by default, so the ports that can be trusted must be specified explicitly.

A similar configuration is performed on the other switch, switch no. 1, which is the switch the DHCP server is connected to.

After that, the DHCP binding table can be checked with the following command:

SW1#show ip dhcp snooping binding

This is how DHCP snooping is configured!
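A common mistake with the configuration above is to stop after the global command: snooping is "on" but inspects no VLAN, or no trusted port exists and the real server's offers are dropped too. The following checker reads an IOS-style running configuration and reports those gaps. It is an added example written for this blog, not a Cisco tool or code from the original post; the two configurations it checks are constructed samples.

```python
"""Added example, not from the original blog: a checker that reads a Cisco
IOS-style running configuration (as text) and reports whether DHCP snooping is
actually effective: enabled globally, enabled on at least one VLAN, and with at
least one trusted interface toward the DHCP server. Both configurations below
are constructed samples, not taken from any real device."""
import re
from typing import Dict, List, Set

INCOMPLETE_CONFIG = """\
hostname SW2
ip dhcp snooping
!
interface GigabitEthernet0/0
 description uplink to SW1 / DHCP server
!
interface GigabitEthernet0/1
 switchport access vlan 1
!
"""

COMPLETE_CONFIG = """\
hostname SW2
ip dhcp snooping
ip dhcp snooping vlan 1
no ip dhcp snooping information option
!
interface GigabitEthernet0/0
 description uplink to SW1 / DHCP server
 ip dhcp snooping trust
!
interface GigabitEthernet0/1
 switchport access vlan 1
!
"""


def expand_vlans(spec: str) -> Set[int]:
    """Expand the IOS list syntax '1,10-12' into {1, 10, 11, 12}."""
    vlans: Set[int] = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_snooping(config: str) -> Dict[str, object]:
    """Collect the DHCP snooping state from global and interface commands."""
    state: Dict[str, object] = {"global": False, "vlans": set(), "trusted": set(), "option82": True}
    current = None                                  # interface whose sub-commands we are in
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):                # top-level (global) command
            current = None
            if line == "ip dhcp snooping":
                state["global"] = True
            elif m := re.match(r"ip dhcp snooping vlan (.+)", line):
                state["vlans"].update(expand_vlans(m.group(1)))
            elif line == "no ip dhcp snooping information option":
                state["option82"] = False
            elif m := re.match(r"interface (\S+)", line):
                current = m.group(1)
        elif current and line.strip() == "ip dhcp snooping trust":
            state["trusted"].add(current)
    return state


def findings(config: str) -> List[str]:
    """Human-readable gaps; an empty list means snooping is set up as the text describes."""
    s = parse_snooping(config)
    out: List[str] = []
    if not s["global"]:
        out.append("DHCP snooping is not enabled globally")
    if not s["vlans"]:
        out.append("DHCP snooping is enabled on no VLAN, so no DHCP traffic is inspected")
    if not s["trusted"]:
        out.append("no trusted interface: offers from the real DHCP server will be dropped too")
    return out


if __name__ == "__main__":
    for name, cfg in (("incomplete", INCOMPLETE_CONFIG), ("complete", COMPLETE_CONFIG)):
        print(name, findings(cfg) or ["ok"])
```

The incomplete configuration produces two findings (no VLAN, no trusted interface) while the complete one, which matches the commands shown above, produces none. Feeding the checker the output of show running-config from a lab switch is a quick way to confirm the three pieces are all present.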

Conclusion

This wraps up everything you need to know about DHCP snooping. It is very important to learn the mechanism of DHCP snooping and how a DHCP server behaves in such a situation. Before jumping on to DHCP snooping, it is necessary to learn how DHCP works and assigns IP addresses to the hosts.

Happy learning!

What is Dynamic Host Configuration Protocol? Know DHCP in Detail


In this blog, we will learn about one of the most important Internet protocols used by routers. You must know that the Dynamic Host Configuration Protocol (DHCP) is something you already use at home! Our home routers usually function as DHCP servers.

Until now, you must be familiar with the process of routing and how it works. We have also learned about switching as well. Let’s begin learning about the Dynamic Host Configuration Protocol (DHCP) without any further ado!

Note: If you haven’t read the previous blog of our CCNA 200-301 series, I highly recommend you do so. 

We will understand what a Dynamic Host Configuration Protocol (DHCP) is and why it is used. We will also learn how the DHCP works. It is also very important to understand the features of the DHCP servers.

Let’s start learning!

What is DHCP Network?

There are billions of devices that want to access the Internet or communicate with each other. As you have learned before, it is very important for any networking device to have its own IP address.

However, assigning IP addresses to every network device manually is a very difficult task. Therefore, we needed a service that could assign IP addresses to networking devices automatically.

The Dynamic Host Configuration Protocol (DHCP) is a networking protocol that automatically assigns IP addresses. DHCP works on the client-server model: the client sends a request and the server carries out the requested task.

Note: DHCP assigns private IP addresses to the hosts on the local network. These private IP addresses are then translated into public IP addresses by Network Address Translation (NAT).

DHCP is an Internet protocol that functions in the Application Layer of the TCP/IP model. At layer 4 it uses UDP, and therefore it has its own port numbers.

In the Layer 4 header, there is a source port number and a destination port number. DHCP uses two port numbers:

  • 67 (for DHCP Server), and 
  • 68 (for DHCP Client).

What are the Key Features of the Dynamic Host Configuration Protocol (DHCP)?

The following are the key features of the Dynamic Host Configuration Protocol (DHCP):

  • The DHCP automatically assigns IP addresses to the DHCP client.
  • It works on the client-server model.
  • The DHCP functions in the Application Layer.
  • The assigned IP addresses are called the Dynamic IP Addresses.
  • The range of the DHCP IP address is called Scope.
  • Another method of assigning IP addresses is BOOTP. However, in BOOTP a MAC address has to be entered manually for each host in order to assign it an IP address.
  • DHCP can be thought of as a dynamic BOOTP.
  • DHCP uses UDP ports 67 and 68 at the Transport Layer.

What is DHCP Server?

The DHCP protocol runs on a Dynamic Host Configuration Protocol (DHCP) server. It is the task of the DHCP server to automatically assign IP addresses, default gateways and other network parameters to client devices.

A lot of companies still run the DHCP service for IPv4 directly on their routers and switches. This is a great option for Network Engineers/Administrators who want DHCP quickly without spending on a dedicated DHCP server.

Note: The IP addresses assigned by the DHCP server are dynamic. They can change when a client’s lease (contract) for that particular IP address expires.

Why is DHCP Used?

Imagine a DHCP server as a contract-based worker. The DHCP server has a pool of IP addresses that it can dynamically hand out to DHCP-enabled hosts.

Any network device needs a unicast IP address in order to communicate over the Internet. Without DHCP, the IP address of every new computer, or of a computer that moves to another subnet, would have to be configured manually.

Thanks to the DHCP server, this process of assigning IP addresses is automated. There is therefore a contract-based (lease) relationship between a host and the DHCP server. The DHCP server is set up by a Network Administrator and maintains the TCP/IP configuration information.

This TCP/IP configuration information is stored in a database by the DHCP server which consists of the following:

  • Valid TCP/IP configuration guidelines for all the clients present in a network.
  • Maintenance of a pool of IP addresses that can be assigned to the client dynamically and can be reassigned.
  • The period of time for which an IP address is leased to the client.
  • Reservation of IP addresses that are taken by the DHCP clients. This makes sure that a single IP address is assigned to a particular DHCP-enabled client consistently.

Note: DHCP also provides the following information to the client:

  • Router (default gateway) address
  • Domain Name System (DNS) server addresses
  • Subnet mask

How Does a DHCP Work?

To get an IP address assigned, a DHCP-enabled client sends a request to the DHCP server when it joins the network.

The following steps are followed in the assignment of the IP address:

  • The client requests:

The DHCP-enabled client broadcasts a request to the DHCP server, asking for an IP address and the network configuration information for the local network.

  • The DHCP responds:

The DHCP server responds to the client’s request with the IP configuration information specified by the Network Administrator, including an IP address and the contracted time period (lease) for which it is allocated.

  • DHCP records IP address:

After allocating the IP address to the DHCP-enabled client, the DHCP server records the assignment along with the client’s Media Access Control (MAC) address. This prevents multiple devices from being configured with the same IP address.

  • IP address acknowledgement:

The DHCP server acknowledges the assignment of the IP address.

This is how a DHCP server works!
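The four steps above are easiest to understand as the actual messages both sides exchange. The following program, an added example written for this blog and not code from the original post, builds and parses real RFC 2131 DHCP messages (fixed header, magic cookie, TLV options) and plays the Discover/Offer/Request/Ack exchange between a client and a tiny in-memory server. The server address, address pool, lease time and client MAC are constructed sample values, and the server also answers a Request for an address it never offered with a NAK so the failure path is visible.

```python
"""Added example, not from the original blog: a minimal model of the DHCP
Discover/Offer/Request/Ack exchange using the real RFC 2131 message layout and
option codes, so the four stages are visible as the bytes both sides send.
Server address, pool, lease time and client MAC are constructed sample values."""
import struct
from ipaddress import IPv4Address
from typing import Dict, Tuple

MAGIC_COOKIE = b"\x63\x82\x53\x63"
SERVER_PORT, CLIENT_PORT = 67, 68                      # UDP ports used by DHCP
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6     # option 53 message types
OPT_MASK, OPT_ROUTER, OPT_DNS, OPT_REQ_IP, OPT_LEASE, OPT_TYPE, OPT_SERVER_ID = 1, 3, 6, 50, 51, 53, 54
HDR = "!BBBBIHH4s4s4s4s16s64s128s"                     # the 236-byte fixed header


def ip(addr: str) -> bytes:
    return IPv4Address(addr).packed


def build(op: int, xid: int, chaddr: bytes, yiaddr: str, siaddr: str,
          options: Dict[int, bytes]) -> bytes:
    """Encode a DHCP message: fixed header, magic cookie, TLV options, end marker (255)."""
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000,        # htype=Ethernet, hlen=6, broadcast
                      b"\0" * 4, ip(yiaddr), ip(siaddr), b"\0" * 4,
                      chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    tlv = b"".join(bytes([code, len(val)]) + val for code, val in options.items())
    return hdr + MAGIC_COOKIE + tlv + b"\xff"


def parse(pkt: bytes) -> Tuple[tuple, Dict[int, bytes]]:
    """Decode the header fields and the options; stops at the end option."""
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    fields, options, i = struct.unpack(HDR, pkt[:236]), {}, 240
    while i < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:                 # pad option has no length byte
            i += 1
            continue
        code, ln = pkt[i], pkt[i + 1]
        options[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return fields, options


class DhcpServer:
    """Constructed sample server: 192.168.10.1, pool .100-.199, 1-hour leases."""
    def __init__(self) -> None:
        self.addr, self.lease = "192.168.10.1", 3600
        self.free = [f"192.168.10.{h}" for h in range(100, 200)]
        self.offered: Dict[bytes, str] = {}    # chaddr -> address offered, not yet confirmed
        self.bindings: Dict[bytes, str] = {}   # chaddr -> leased address (the server's record)

    def _params(self) -> Dict[int, bytes]:
        return {OPT_SERVER_ID: ip(self.addr), OPT_LEASE: struct.pack("!I", self.lease),
                OPT_MASK: ip("255.255.255.0"), OPT_ROUTER: ip(self.addr),
                OPT_DNS: ip("192.168.10.53")}

    def handle(self, pkt: bytes) -> bytes:
        fields, opts = parse(pkt)
        xid, chaddr, mtype = fields[4], fields[11][:6], opts[OPT_TYPE][0]
        if mtype == DISCOVER:                    # stage 2: offer an address from the pool
            self.offered[chaddr] = self.offered.get(chaddr) or self.free.pop(0)
            return build(2, xid, chaddr, self.offered[chaddr], self.addr,
                         {OPT_TYPE: bytes([OFFER]), **self._params()})
        if mtype == REQUEST:                     # stage 4: confirm only what we offered
            wanted = str(IPv4Address(opts.get(OPT_REQ_IP, b"\0\0\0\0")))
            if opts.get(OPT_SERVER_ID) != ip(self.addr) or self.offered.get(chaddr) != wanted:
                return build(2, xid, chaddr, "0.0.0.0", self.addr,
                             {OPT_TYPE: bytes([NAK]), OPT_SERVER_ID: ip(self.addr)})
            self.bindings[chaddr] = self.offered.pop(chaddr)
            return build(2, xid, chaddr, wanted, self.addr,
                         {OPT_TYPE: bytes([ACK]), **self._params()})
        raise ValueError(f"unhandled message type {mtype}")


def run_dora(server: DhcpServer, mac: bytes, xid: int = 0x3903F326) -> Dict[str, object]:
    """Client side of the four stages; returns the configuration carried by the ACK."""
    discover = build(1, xid, mac, "0.0.0.0", "0.0.0.0", {OPT_TYPE: bytes([DISCOVER])})
    offer_fields, offer_opts = parse(server.handle(discover))         # stages 1 and 2
    offered_ip = str(IPv4Address(offer_fields[8]))                     # yiaddr
    request = build(1, xid, mac, "0.0.0.0", "0.0.0.0",                 # stage 3: accept the offer
                    {OPT_TYPE: bytes([REQUEST]), OPT_REQ_IP: ip(offered_ip),
                     OPT_SERVER_ID: offer_opts[OPT_SERVER_ID]})
    ack_fields, ack_opts = parse(server.handle(request))               # stage 4
    return {"type": ack_opts[OPT_TYPE][0], "ip": str(IPv4Address(ack_fields[8])),
            "gateway": str(IPv4Address(ack_opts[OPT_ROUTER])),
            "dns": str(IPv4Address(ack_opts[OPT_DNS])),
            "lease": struct.unpack("!I", ack_opts[OPT_LEASE])[0]}


if __name__ == "__main__":
    srv = DhcpServer()
    print(run_dora(srv, bytes.fromhex("0011223344aa")))
```

The first client receives 192.168.10.100 with the gateway, DNS server and 3600-second lease from the ACK, a second client receives the next free address, and a Request for an address the server never offered is answered with a NAK. Note that the server keys its records on the client's chaddr alone, which is exactly why the page's later remark about the lack of client authentication matters: a client can claim any chaddr it likes.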

Bottom Line:

A DHCP server is the most feasible in Local Area Networks (LANs). In the case of Wide Area Networks (WANs), multiple DHCP servers need to be configured. In a LAN, one or two DHCP servers are enough.

You must note that there is no built-in mechanism in the DHCP server to authenticate the client. A rogue client can exhaust the pool of DHCP IP addresses.

Now that you know how a DHCP server works and why it is used, we will learn about the static and dynamic IP addressing in the upcoming blogs.

Stay tuned for the upcoming blog of our CCNA 200-301 series. 

Happy learning!