DHCP Snooping


For this lab you need REAL hardware. You can’t use switches in GNS3!

You need at least a Cisco Catalyst 3550 switch for this lab.

One of your customers is being plagued by attacks on their switched infrastructure. You as a specialized switch specialist are looking for a method to counter DHCP spoofing attacks. Let’s see what you can do for them…


  • Configure the IP addresses on router Attacker and DHCP as specified in the topology picture.
  • Configure DHCP server on router DHCP so it can serve the client an IP address.
  • Configure DHCP snooping globally on SW1.
  • Configure SW1 to use the correct trusted and untrusted interfaces.
  • Configure SW1 so the client is limited to 10 DHCP packets per second.
  • Configure router Attacker as a DHCP server to verify your DHCP snooping configuration.

It took me 1000s of hours reading books and doing labs, making mistakes over and over again until I mastered all the switch protocols for CCNP.

Would you like to be a master of switching too? In a short time without having to read 900 page books or google the answers to your questions and browsing through forums?

I collected all my knowledge and created a single ebook for you that has everything you need to know to become a master of switching.

You will learn all the secrets about DHCP, DHCP snooping and more.

Does this sound interesting to you? Take a look here and let me show you how to Master CCNP SWITCH


Basic IOS for the switches should be sufficient. No special features needed.


DHCP Snooping

Video Solution:

Configuration Files

You need to register to download the GNS3 topology file. (Registration is free!)

Once you are logged in you will find the configuration files right here.

Opt In Image
Do you want your CCNA or CCNP Certificate?

The How to Master series helps you to understand complex topics like spanning-tree, VLANs, trunks, OSPF, EIGRP, BGP and more.

Written by René Molenaar - CCIE #41726

You May Also Like

About the Author: Rene Molenaar

René - CCIE #41726 is the creator of GNS3Vault.com where he shares CCNA, CCNP and CCIE R&S labs. He also blogs about networking on http://networklessons.com