![]() ![]() To other interfaces in VLAN1 this is normal and you don't need to worry about.ĭo you mean to interfaces to VLANs different from VLAN 1 and VLAN 161 ?įirst of all, the ip helper-address converts broadcasts related to some protocols to packets with a unicast destination that can be routed in your case one packet is sent to server1 172.16.1.1 and another copy of the same packet is sent to server2 172.16.1.2. > but the broadcast also send to other interfaces You need to trust uplink ports if they are L2 trunks and you need to trust ports to WLC wireless controllers, as the WLC makes some minor change in the DHCP request that is not accepted by DHCP snooping. This is the reason why DHCP snooping can be effective in blocking unwanted DHCP servers. Hint: an untrusted port for DHCP snooping will drop messages coming from a DHCP server and allows only messages generated by a client. However, enabling a feature like DHCP snooping and setting all access ports as untrusted will prevent rogue unwanted DHCP servers from disturbing your network ![]() Not directly as a broadcast frame is flooded to all ports in a VLAN ( also called a broadcast domain for this reason). > Is there any way to prevent it (because if someone run DHCP the clients will get IP) ? The SVI interface interface vlan1 is just one of these hosts and it will perform the change to DHCP servers as configured with ip helper-address. Yes it is the DHCP request is generated as a frame with ethernet broadcast destination and for this reason it reaches every port in VLAN1. ![]() so to other interfaces in VLAN1 is normal ? ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |