DHCP Snooping and MAC Address Filtering
24 Questions
3 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What happens to DHCP messages received on an untrusted port and normally sent by a DHCP server?

  • They are filtered for MAC address consistency
  • They are forwarded to the client
  • They are checked against the DHCP Snooping binding table
  • They are discarded (correct)
  • Which type of DHCP messages are filtered based on MAC address consistency?

  • LEASE and DHCPACK messages
  • DISCOVER and REQUEST messages (correct)
  • INFORM and DHCPRELEASE messages
  • RELEASE and DECLINE messages
  • What happens when a DHCP message results in a lease?

  • The message is discarded
  • A new entry is added to the DHCP Snooping binding table (correct)
  • The message is forwarded to the client
  • The message is filtered for MAC address consistency
  • What type of ports do not filter DHCP messages?

    <p>Trusted ports</p> Signup and view all the answers

    Why does the attacker send a DHCPOFFER message to PC1?

    <p>To initiate a DHCP attack</p> Signup and view all the answers

    What happens to the packets sent by PC1 to the default gateway?

    <p>They are forwarded to R1 by the attacker</p> Signup and view all the answers

    What is the purpose of the DHCP Snooping binding table?

    <p>To store IP address and MAC address bindings</p> Signup and view all the answers

    What is the result of a DHCP attack on PC1?

    <p>The attacker can keep a copy of PC1's data</p> Signup and view all the answers

    What is the main approach used by DAI to prevent ARP attacks?

    <p>Filtering ARP based on DHCP Snooping binding table</p> Signup and view all the answers

    What is the purpose of ARP ACLs in DAI configuration?

    <p>To provide static IP and MAC address pairs for DAI</p> Signup and view all the answers

    What is the purpose of DHCP Snooping binding table?

    <p>To keep a list of important facts about legitimate DHCP flows</p> Signup and view all the answers

    What is the default setting for ports in DAI configuration?

    <p>Untrusted</p> Signup and view all the answers

    What is a key consideration when configuring DAI on a Layer 2 switch?

    <p>Choosing the correct VLAN(s) to enable DAI</p> Signup and view all the answers

    What happens when an attacker tries to lease all IP addresses in the subnet using a DHCP request?

    <p>The DHCP Snooping will filter out the request and prevent the overload</p> Signup and view all the answers

    What is the primary function of DAI filtering?

    <p>To filter ARP based on DHCP Snooping binding table</p> Signup and view all the answers

    What is the purpose of the chaddr field in a DHCP message?

    <p>To specify the client's hardware address</p> Signup and view all the answers

    What is the purpose of the DHCP Snooping binding table in DAI configuration?

    <p>To provide data about earlier DHCP messages</p> Signup and view all the answers

    What happens when a DHCP RELEASE message is received on a different port than the original DHCP request?

    <p>The DHCP Snooping will discard the RELEASE message and ignore the update</p> Signup and view all the answers

    What is required to configure DHCP Snooping?

    <p>A pair of associated global commands to enable DHCP Snooping and list VLANs</p> Signup and view all the answers

    What is a key benefit of using ARP ACLs in DAI configuration?

    <p>It becomes useful for ports connected to devices that use static IP addresses</p> Signup and view all the answers

    What should be configured to trust on a Layer 2 switch when configuring DAI?

    <p>The port connected to the router</p> Signup and view all the answers

    What is the purpose of configuring trusted ports in DHCP Snooping?

    <p>To allow only trusted ports to access the DHCP server</p> Signup and view all the answers

    What is the result of an attacker attempting to lease all IP addresses in the subnet using a DHCP request?

    <p>No other hosts will be able to obtain a lease</p> Signup and view all the answers

    What does DHCP Snooping check in a DHCP message to prevent MAC address spoofing?

    <p>The chaddr field and Ethernet source MAC address</p> Signup and view all the answers

    Study Notes

    DHCP Snooping and Dynamic ARP Inspection

    • DHCP Snooping checks chaddr (client hardware address) and Ethernet Source MAC to prevent attacks.
    • An attacker can attempt to lease all IP addresses in the subnet, overwhelming the DHCP server.
    • DHCP Snooping builds a binding table for legitimate DHCP clients, listing important facts such as IP addresses and MAC addresses.

    Binding Table

    • The binding table is used by DHCP Snooping and Dynamic ARP Inspection to make decisions.
    • The table lists important facts about legitimate DHCP clients, including IP addresses and MAC addresses.

    DHCP Snooping Logic

    • DHCP Snooping discards DHCP RELEASE messages if the incoming interface and IP address do not match the binding table entry.
    • The process involves comparing the incoming message, interface, and matching table entry.

    DHCP Snooping Configuration

    • DHCP Snooping requires two global commands: one to enable DHCP Snooping and one to list the VLANs on which to use DHCP Snooping.
    • Trusted ports must be configured for DHCP Snooping to operate.

    Dynamic ARP Inspection

    • DAI filtering is based on the DHCP Snooping binding table.
    • DAI checks for source MAC addresses and confirms ARP correctness based on DHCP Snooping data.
    • DAI can also use statically configured ARP ACLs for ports connected to devices with static IP addresses.

    DAI Configuration

    • Before configuring DAI, decisions must be made about using DHCP Snooping, ARP ACLs, or both.
    • DHCP Snooping must be configured, and trusted ports must be selected.
    • DAI must be enabled on select VLANs and ports.

    Summary of Rules for DHCP Snooping

    • DHCP messages received on untrusted ports from servers are discarded.
    • DHCP messages received on untrusted ports from clients may be filtered if they appear to be part of an attack.
    • DHCP messages received on trusted ports are forwarded without filtering.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    This quiz covers how DHCP snooping checks chaddr and Ethernet Source MAC to prevent attacks on DHCP servers. Learn how to filter DISCOVER messages based on MAC addresses and protect your network.

    More Like This

    DHCP Basics Quiz
    5 questions

    DHCP Basics Quiz

    PraisingReef avatar
    PraisingReef
    DHCP
    16 questions

    DHCP

    Doz avatar
    Doz
    DHCP: Servicio de Configuración Dinámica
    13 questions
    Use Quizgecko on...
    Browser
    Browser