DHCP Snooping

3 hours 35 minutes
Video Transcription
Welcome to this Cisco CCNP Switch 300-115 exam prep series. My name is Philip Inshanally, and in today's episode we'll focus on DHCP snooping. When we use DHCP within our networks, it opens up the doors for all kinds of potential attacks. A typical attack is a user bringing in a router or a switch or a WiFi device and plugging it into our network. On most of those WiFi devices or switches, they have DHCP turned on by default, so they would start issuing DHCP offers when the user plugs the device into our network. To tackle this sort of threat we can enable DHCP snooping. When DHCP snooping is enabled, it's going to create a DHCP binding database for us, and it's going to filter out unwanted DHCP packets.
All interfaces are untrusted by default when you turn on DHCP snooping. You would only want to trust interfaces that are connected directly to DHCP servers, or trunk ports that are connected to other switches leading towards your DHCP server. To enable DHCP snooping, from global configuration mode we would issue the command ip dhcp snooping, and then we would specify the VLAN by using the command ip dhcp snooping vlan and the VLAN ID. Following this, we would go under the interface sub-configuration mode and issue the command ip dhcp snooping trust, and to verify, use the command show ip dhcp snooping. I'll bring up a lab now so we'll see how we would configure DHCP snooping.
In this lab we'll configure NY Core 1 with DHCP snooping. Currently NY Core 2 is set up with the pool for DHCP. We can quickly verify that, and it's issuing the 192.168.16.0 network, /24.
If we check NY 1's G0/0 interface, currently it has a static address, so I'll take off the static address. I'll set it to get an IP address from DHCP. Great. So let's go over to NY Core 1, so we'll enable DHCP snooping.
So first we'll issue the command ip dhcp snooping, and now we'll specify the VLAN. We can also specify a range of VLANs. So if I had 100 VLANs and I wanted to turn on IP DHCP snooping, I would simply do ip dhcp snooping vlan 1-100 and that would turn on IP DHCP snooping. In our case, we only have one VLAN. You'll notice as soon as we enabled DHCP snooping we got a message telling us DHCP snooping, from an untrusted port, drop message, untrusted port, and it tells us the MAC address. So when I rerun the show ip dhcp snooping, now we can see DHCP snooping is enabled and it's enabled for VLAN 1. At the bottom, currently no interface is listed as trusted. So we're going to see this untrusted message keep coming in until we trust the interface that is going to NY Core 2. We have two interfaces here, so we need to trust one of these interfaces that is coming from NY Core 2.
Currently the FastEthernet 1/0/23 is selected as the root port, so we'll trust that port. There we go.
Now, this time under the show ip dhcp snooping output, we have the FastEthernet 1/0/23 interface listed as trusted. Now, if we go back over to NY 1, we get a nice message telling us a DHCP IP address was assigned to its G0/0 interface, and we can see from the show ip interface brief output that the method of assignment for this interface is DHCP. So that's how you would set up DHCP snooping. All right, let's go back to the slides. We have a post-assessment question: which command configures a port to be trusted?
A: ip dhcp snooping trust from global configuration mode, or B: ip dhcp snooping trust from interface sub-configuration mode, or C: ip dhcp snooping information trust from interface sub-configuration mode.
The answer is B: from the interface sub-configuration mode, you issue the command ip dhcp snooping trust.
In today's episode, we covered DHCP snooping. We first enabled DHCP snooping globally, and then we configured the interface which was going to NY Core 2 to be trusted, which is acting as a DHCP server.
In the next episode, we focus on IP Source Guard. This is Philip Inshanally, and I want to thank you for watching Cybrary.
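
The drop notice shown in the lab is also useful for monitoring once snooping is running. The following is an added example, not part of the video or of any Cisco tooling: a Python script that scans switch syslog for dropped server-type DHCP messages and groups them by source MAC. The log layout, the sample lines, the MAC addresses, and the names server_sources and known_servers are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed layout of the IOS notice for a DHCP message dropped on an untrusted port.
DROP_RE = re.compile(
    r"%DHCP_SNOOPING-\d-DHCP_SNOOPING_UNTRUSTED_PORT: .*?"
    r"message type: (?P<mtype>DHCP\w+), MAC sa: (?P<mac>[0-9A-Fa-f.:-]+)"
)
# Message types that only a DHCP server sends.
SERVER_TYPES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}

# Constructed sample syslog lines (not captured from a real switch).
SAMPLE_LOG = """\
*Mar  1 00:12:01.003: %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPOFFER, MAC sa: 0050.7966.6801
*Mar  1 00:12:01.911: %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPACK, MAC sa: 0050.7966.6801
*Mar  1 00:14:40.120: %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT: DHCP_SNOOPING drop message on untrusted port, message type: DHCPOFFER, MAC sa: aabb.cc00.0200
*Mar  1 00:15:02.554: %LINK-3-UPDOWN: Interface FastEthernet1/0/5, changed state to up
"""


def normalize_mac(mac):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff, or raise ValueError."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def server_sources(log_text, known_servers=()):
    """Count dropped server-type DHCP messages per source MAC."""
    known = {normalize_mac(m) for m in known_servers}
    drops = Counter()
    for line in log_text.splitlines():
        match = DROP_RE.search(line)
        if not match or match["mtype"] not in SERVER_TYPES:
            continue
        try:
            drops[normalize_mac(match["mac"])] += 1
        except ValueError:
            continue  # malformed MAC field; skip the line
    return {mac: {"drops": n, "known_server": mac in known}
            for mac, n in drops.items()}


if __name__ == "__main__":
    # 0050.7966.6801 is the assumed MAC of the legitimate DHCP server.
    for mac, info in server_sources(SAMPLE_LOG, ["0050.7966.6801"]).items():
        label = "known server, uplink not trusted" if info["known_server"] else "unknown DHCP server"
        print(mac, info["drops"], label)
```

Drops from the known server's MAC match the situation in the lab before the uplink was trusted; drops from any other MAC point to a device answering DHCP on an untrusted port.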
CCNP Switch - 300-115

This course is engineered to prepare you for your CISCO Certified Network Professional CCNP Switch 300 - 115. In this course, we will cover all the main domains present in the current version of the CCNP Exam which are centered around infrastructure security and services and layer 2 technologies.
