[c-nsp] IP conflict !!! How to avoid this....

Kevin Graham mahargk at gmail.com
Tue Apr 26 10:52:14 EDT 2005


On 4/26/05, Kristofer Sigurdsson <ks at rhi.hi.is> wrote:

>         b) DHCP snooping.  You can configure for DHCP snooping, but I'm
>            not sure how well that works (never done it myself).

For IOS-based switches, DHCP Snooping + IP Source Guard along w/ Port
Security will address this problem in spades. Rolling it out into an
existing environment is touchy and requires plenty of attention to
detail, but about the only way this could happen then is if the DHCP
server is handing out duplicates..

(Occurred to me that DHCP Snooping doesn't require specifying a
trusted DHCP server(s); I guess this could be addressed w/ a VACL, but
would seem like a worthwhile thing to add).



More information about the cisco-nsp mailing list