The process of DHCP (Dynamic Host Configuration Protocol):
Client ------ DHCP Discover (Broadcast) ------> Server
Client <------ DHCP Offer ------ Server
Client ------ DHCP Request ------> Server
Client <------ DHCP ACK ------ Server
The period for which the server assigns an IP address to the client is referred to as the Lease Time.
In DoS (Denial-of-Service) attacks, hackers repeatedly send IP address requests to the server from their computers, using a different forged MAC address each time, until the server has no addresses left to lease to legitimate clients. To combat DoS attacks, Cisco equipment offers the DHCP Snooping feature.
Switch(config)#ip dhcp snooping (enables DHCP Snooping globally; all ports are in the Untrusted state by default)
Switch(config)#ip dhcp snooping vlan 10 (activates DHCP Snooping only for VLAN 10)
Switch(config)#ip dhcp snooping vlan 10,12,13 (applies to VLANs 10, 12 and 13)
Switch(config)#ip dhcp snooping vlan 20-100 (applies to VLANs 20 through 100)
• Defining Trusted Ports:
Now, we need to set the port that connects to the DHCP server to the Trusted state:
Switch(config-if)#ip dhcp snooping trust
• Defining the Number of Allowed Messages:
At this stage, we’ll define the number of permissible DHCP messages that a switch port can receive per second:
Switch(config-if)#ip dhcp snooping limit rate 2 (restricted to receiving 2 messages per second)
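The following added example (not part of the original page and not Cisco's implementation) is a simplified Python model of the two per-port checks configured above: server replies are accepted only on Trusted ports, and an Untrusted port that exceeds the rate limit is shut down. The port names, MAC addresses and traffic are constructed, and counting per whole second is an assumption of the model.

```python
from collections import defaultdict

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # messages only a DHCP server sends

def snoop(events, trusted, limit_rate):
    """Simplified model of the checks configured above, not Cisco's code.

    events: (time_s, port, msg_type, client_mac) tuples sorted by time.
    Returns (forwarded_events, {port: reason}) for ports that were shut down.
    """
    seen = defaultdict(int)  # (port, whole second) -> DHCP messages counted
    disabled, forwarded = {}, []
    for ev in events:
        t, port, msg, _mac = ev
        if port in disabled:
            continue                      # port was already shut down
        if port not in trusted:
            if msg in SERVER_MSGS:
                continue                  # server reply on Untrusted port: drop
            seen[(port, int(t))] += 1
            if seen[(port, int(t))] > limit_rate:
                disabled[port] = f"more than {limit_rate} DHCP msgs in second {int(t)}"
                continue
        forwarded.append(ev)
    return forwarded, disabled

# Constructed sample traffic (ports and MAC addresses are made up).
EVENTS = [
    (0.10, "Gi0/2", "DISCOVER", "02:00:00:00:00:01"),  # normal client
    (0.20, "Gi0/1", "OFFER",    "02:00:00:00:00:01"),  # port facing the server
    (0.30, "Gi0/2", "REQUEST",  "02:00:00:00:00:01"),
    (0.40, "Gi0/1", "ACK",      "02:00:00:00:00:01"),
    # Gi0/3: five requests within one second, each from a different MAC
    (1.00, "Gi0/3", "DISCOVER", "02:00:00:00:01:01"),
    (1.05, "Gi0/3", "DISCOVER", "02:00:00:00:01:02"),
    (1.10, "Gi0/3", "DISCOVER", "02:00:00:00:01:03"),
    (1.15, "Gi0/3", "DISCOVER", "02:00:00:00:01:04"),
    (1.20, "Gi0/3", "DISCOVER", "02:00:00:00:01:05"),
]

if __name__ == "__main__":
    # First run: server port Trusted. Second run: trust step forgotten.
    for trusted in ({"Gi0/1"}, set()):
        fwd, shut = snoop(EVENTS, trusted, limit_rate=2)
        print(sorted(trusted), [e[2] for e in fwd], shut)
```

In the second run no port is Trusted, so the server's Offer and ACK are dropped and the normal client never completes its lease, which is why the trust step cannot be skipped.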