Sunday 17 February 2008

Cisco DHCP server with secure ARP

Example of how to configure a Cisco DHCP server so that ARP table entries are secured to DHCP leases. Follow these steps:

  1. Securing ARP table entries to DHCP leases
  2. Configuring DHCP authorized ARP
  3. Verifying DHCP ARP (optional)

Securing ARP table entries to DHCP leases

  • Enables privileged EXEC mode.
Router> enable
  • Enters global configuration mode.
Router# configure terminal
  • Configures a DHCP address pool and enters DHCP pool configuration mode.
Router(config)# ip dhcp pool foo-pool
  • Specifies the subnet network number and mask or prefix-length of the DHCP address pool.
Router(dhcp-config)# network 172.29.10.0 /23
  • Secures insecure ARP table entries to the corresponding DHCP leases.
Router(dhcp-config)# update arp


Configuring DHCP authorized ARP

  • Enables privileged EXEC mode.
Router> enable
  • Enters global configuration mode.
Router# configure terminal
  • Configures an interface type and enters interface configuration mode.
Router(config)# interface FastEthernet0/1
  • Sets an IP address for an interface.
Router(config-if)# ip address 172.29.10.1 255.255.254.0
  • Disables dynamic ARP learning on an interface. This means that the IP address to MAC address mapping can only be installed by the authorized subsystem.
Router(config-if)# arp authorized
  • Configures how long an entry remains in the ARP cache. The ARP timeout period should not be set to less than 30 seconds.
Router(config-if)# arp timeout 60


Verifying DHCP ARP example:

Router#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.29.10.155         136   000e.84d7.62e8  ARPA   FastEthernet0/1
Internet  172.29.10.154         136   000e.84d7.62ee  ARPA   FastEthernet0/1
Internet  172.29.10.158         137   000e.84d7.6378  ARPA   FastEthernet0/1
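
To go one step further than reading the table by eye, the ARP entries can be cross-checked against the DHCP leases. The script below is an added example, not part of the original post: it compares "show arp" with "show ip dhcp binding" and reports any ARP entry on the authorized interface that has no lease or a different MAC. Both sample outputs are constructed, including the router MAC and the 172.29.10.200 host, and the binding layout (client-ID shown as 01 followed by the MAC) is an assumption about the device's output.

```python
import re

# Constructed sample output (not captured from a real device).
SHOW_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.29.10.1             -   0013.c4a1.0001  ARPA   FastEthernet0/1
Internet  172.29.10.155         136   000e.84d7.62e8  ARPA   FastEthernet0/1
Internet  172.29.10.154         136   000e.84d7.62ee  ARPA   FastEthernet0/1
Internet  172.29.10.200           2   0011.2233.4455  ARPA   FastEthernet0/1
"""
SHOW_DHCP_BINDING = """\
IP address          Client-ID/              Lease expiration        Type
172.29.10.155       0100.0e84.d762.e8       Feb 18 2008 10:12 AM    Automatic
172.29.10.154       0100.0e84.d762.ef       Feb 18 2008 10:12 AM    Automatic
"""

def norm_mac(value):
    """Return 12 lowercase hex digits; drop the 01 type byte of a client-ID."""
    digits = re.sub(r"[^0-9a-fA-F]", "", value).lower()
    if len(digits) == 14 and digits.startswith("01"):
        digits = digits[2:]
    return digits

def parse_arp(text, interface):
    """Map IP -> MAC for one interface; Age '-' is the router's own address."""
    entries = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 6 and f[0] == "Internet" and f[5] == interface and f[2] != "-":
            entries[f[1]] = norm_mac(f[3])
    return entries

def parse_bindings(text):
    """Map leased IP -> client MAC; header lines do not start with an IP."""
    entries = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 2 and re.fullmatch(r"\d+(\.\d+){3}", f[0]):
            entries[f[0]] = norm_mac(f[1])
    return entries

def audit(arp_text, binding_text, interface):
    """List (ip, mac, reason) for ARP entries that no lease accounts for."""
    leases = parse_bindings(binding_text)
    findings = []
    for ip, mac in sorted(parse_arp(arp_text, interface).items()):
        if ip not in leases:
            findings.append((ip, mac, "no DHCP lease"))
        elif leases[ip] != mac:
            findings.append((ip, mac, "MAC differs from lease " + leases[ip]))
    return findings
```

With "arp authorized" in place the result of audit() should be an empty list; any finding means an entry reached the ARP table by some path other than a DHCP lease.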
