Cisco DHCP server with secure ARP

Example of how to configure Cisco DHCP server with secure ARP table for DHCP leases. To set you must follow the following steps:

1. Securing ARP table entries to DHCP leases
2. Configuring DHCP authorized ARP
3. Verifying DHCP ARP(optional)
   

Securing ARP table entries to DHCP leases

• Enables privileged EXEC mode.

Router> enable

• Enters global configuration mode.

Router# configure terminal

• Configures a DHCP address pool and enters DHCP pool configuration mode.

Router(config)# ip dhcp pool foo-pool

• Specifies the subnet network number and mask or prefix-length of the DHCP address pool.

Router(dhcp-config)# network 172.29.10.0 /23

• Secures insecure ARP table entries to the corresponding DHCP leases.

Router(dhcp-config)# update arp


Configuring DHCP authorized ARP

• Enables privileged EXEC mode.

Router> enable

• Enters global configuration mode.

Router# configure terminal

• Configures an interface type and enters interface configuration mode

Router(config)# interface FastEthernet0/1

• Sets a IP address for an interface.

Router(config-if)# ip-address 172.29.10.1 255.255.254.0

• Disables dynamic ARP learning on an interface. This mean that the IP address to MAC address mapping can only be installed by the authorized subsystem.

Router(config-if)# arp authorized

• Configures how long an entry remains in the ARP cache. The ARP time out period should not be set to less than 30 seconds.

Router(config-if)# arp timeout 60


Verifying DHCP ARP example:


Router#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.29.10.155 136 000e.84d7.62e8 ARPA FastEthernet0/1
Internet 172.29.10.154 136 000e.84d7.62ee ARPA FastEthernet0/1
Internet 172.29.10.158 137 000e.84d7.6378 ARPA FastEthernet0/1