Re dhcp & Option 82

From: ccie2be (ccie2be@nyc.rr.com)
Date: Thu Dec 23 2004 - 12:26:26 GMT-3


Thanks for confirming that, Joe - the documentation doesn't really talk about

how dhcp itself operates.

How are you on the Option-82 Data Insertion concept?

I've read that material several times and understand what this does,

but I've no idea why this would be needed or useful.

Any thoughts?

Tim

----- Original Message -----
From: "Joe Smith" <j333smith@hotmail.com>
To: <ccielab@groupstudy.com>
Sent: Thursday, December 23, 2004 9:59 AM
Subject: Re: mac address spoofing & dhcp snooping

> Tim,
>
> In the documentation for DHCP snooping; a trusted interface is on the same
> network and an untrusted interface is not. So the DHCP snooping feature on
> the 3550 is checking to see if the client is on the same network, if the
> client is not on the same network then those mac addresses will not match.
>
> If the client is on the same network, yes I agree they should be the same,
> since that is what the DHCP snooping feature is attempting to verify.
>
> HTH
> J3
>
>
> >From: "ccie2be" <ccie2be@nyc.rr.com>
> >To: "Joe Smith" <j333smith@hotmail.com>, <ccielab@groupstudy.com>
> >Subject: Re: mac address spoofing & dhcp snooping
> >Date: Thu, 23 Dec 2004 09:35:34 -0500
> >
> >Hey Joe,
> >
> >Thanks for getting back to me on this.
> >
> >I should have been more clear but I was referring to
> >
> >dhcp packet from the dhcp client to the first hop device
> >
> >which in this case would be a 3550 with dhcp snooping enabled
> >
> >and acting as a dhcp relay.
> >
> >What I want to confirm is this:
> >
> >As the dhcp packet leaves the dhcp client on its way
> >
> >to the dhcp server, the frame's source mac address will ALWAYS
> >
> >be the same as the client hardware address carried inside the
> >
> >frame unless one or the other of those mac addresses have been
> >
> >spoofed, true?
> >
> >Since the dhcp snooping process on the 3550 will always drop
> >
> >the frame if those 2 mac addresses are not the same, I just wanted to make
> >
> >sure that if the 3550 did drop the dhcp frame, I can correctly conclude that
> >
> >something is wrong because there's no legit reason those 2 addresses would be
> >different.
> >
> >The situation I have in mind is when the mac address is set manually as is
> >done sometimes
> >
> >in IBM centric IT shops. ( This scenario is probably far-fetched but just
> >wanted to make sure.)
> >
> >Thanks, Tim
> >
> >----- Original Message -----
> >From: "Joe Smith" <j333smith@hotmail.com>
> >To: <ccielab@groupstudy.com>
> >Sent: Thursday, December 23, 2004 8:45 AM
> >Subject: RE: mac address spoofing & dhcp snooping
> >
> >
> > > When a packet is routed/forwarded the layer 2 header is stripped and
> > > replaced. Therefore, if the packet is not from the local network the source
> > > MAC address will be different than the MAC address in the DHCP packet. And
> > > yes it is very easy to spoof a local network source MAC address and/or
> > > change the mac address in the DHCP packet.
> > >
> > > J3
> > >
> > > >From: "ccie2be" <ccie2be@nyc.rr.com>
> > > >Reply-To: "ccie2be" <ccie2be@nyc.rr.com>
> > > >To: "Group Study" <ccielab@groupstudy.com>
> > > >Subject: mac address spoofing & dhcp snooping
> > > >Date: Wed, 22 Dec 2004 18:47:54 -0500
> > > >
> > > >Hi guys,
> > > >
> > > >Is it possible to spoof the source mac address of an outgoing frame?
> > > >
> > > >I ask because when dhcp snooping is enabled on a 3550, it checks
> > > >
> > > >to see if the source mac address of the frame is the same as the mac
> > > >address
> > > >
> > > >inside the dhcp packet.
> > > >
> > > >If the 2 mac addresses are different, the 3550 will drop the packet.
> > > >
> > > >Besides spoofing the source mac address, are there any possible reasons
> > > >
> > > >the source mac address would be different from the mac address contained
> > > >
> > > >inside the packet?
> > > >
> > > >TIA, Tim
> > > >
> > >
> > >
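The comparison discussed in this thread, as an added example that is not part of the original posts and is not Cisco's implementation: it parses a DHCP client frame and compares the Ethernet source MAC with the BOOTP `chaddr` field, treating a packet with a non-zero `giaddr` or hop count as relayed, since a relay rewrites the layer 2 header. The function names, verdict strings and MAC addresses are constructed for illustration.

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def build_frame(src_mac, chaddr, giaddr=bytes(4), hops=0):
    """Constructed sample: Ethernet + IPv4 + UDP + fixed 240-byte BOOTP request.
    Checksums are left at zero; check() below does not verify them."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s4s",
                        1, 1, 6, hops, 0x12345678, 0, 0x8000,  # op=BOOTREQUEST, htype=Ethernet, hlen=6
                        bytes(4), bytes(4), bytes(4), giaddr,
                        chaddr, b"", b"", b"\x63\x82\x53\x63")  # struct pads chaddr to 16 bytes
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip

def check(frame):
    """Return (verdict, frame source MAC, chaddr) for a client-to-server DHCP frame."""
    src = frame[6:12]
    # Need an IPv4 ethertype and IP protocol 17 (UDP).
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return ("not-dhcp", mac(src), None)
    b = 14 + (frame[14] & 0x0F) * 4 + 8           # offset of the BOOTP payload
    # UDP destination port sits 6 bytes before the payload; 67 is the DHCP server port.
    if len(frame) < b + 44 or struct.unpack_from("!H", frame, b - 6)[0] != 67:
        return ("not-dhcp", mac(src), None)
    op, htype, hlen, hops = frame[b:b + 4]
    if op != 1 or htype != 1 or hlen != 6:        # only Ethernet BOOTREQUESTs are compared
        return ("not-checked", mac(src), None)
    chaddr = frame[b + 28:b + 34]
    if hops or frame[b + 24:b + 28] != bytes(4):  # giaddr set: a relay rewrote the L2 header
        return ("relayed", mac(src), mac(chaddr))
    return ("match" if src == chaddr else "mismatch", mac(src), mac(chaddr))

# Constructed, locally administered addresses.
CLIENT = bytes.fromhex("020000000001")
OTHER = bytes.fromhex("020000000099")
RELAY = bytes.fromhex("0200000000fe")

if __name__ == "__main__":
    print(check(build_frame(CLIENT, CLIENT)))                      # direct, consistent
    print(check(build_frame(CLIENT, OTHER)))                       # chaddr differs from frame source
    print(check(build_frame(RELAY, CLIENT, bytes([10, 0, 0, 1]), 1)))  # forwarded by a relay
```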



This archive was generated by hypermail 2.1.4 : Mon Jan 03 2005 - 10:31:29 GMT-3