RE: Re dhcp & Option 82

From: Joe Smith (j333smith@hotmail.com)
Date: Thu Dec 23 2004 - 13:19:06 GMT-3


Tim,

It would be useful for large scale DHCP. Switches throughout the enterprise
insert their identification, so a large scale DHCP server(s) can then manage
DHCP services to different areas of the enterprise. I've never used it and
have only done DHCP on a local level.

J3

>From: "ccie2be" <ccie2be@nyc.rr.com>
>To: "Joe Smith" <j333smith@hotmail.com>, <ccielab@groupstudy.com>
>Subject: Re dhcp & Option 82
>Date: Thu, 23 Dec 2004 10:26:26 -0500
>
>Thanks for confirming that, Joe - the documentation doesn't really talk
>about how dhcp itself operates.
>
>How are you on the Option-82 Data Insertion concept?
>
>I've read that material several times and understand what this does,
>but I've no idea why this would be needed or useful.
>
>Any thoughts?
>
>Tim
>
>
>----- Original Message -----
>From: "Joe Smith" <j333smith@hotmail.com>
>To: <ccielab@groupstudy.com>
>Sent: Thursday, December 23, 2004 9:59 AM
>Subject: Re: mac address spoofing & dhcp snooping
>
>
> > Tim,
> >
> > In the documentation for DHCP snooping; a trusted interface is on the same
> > network and an untrusted interface is not. So the DHCP snooping feature on
> > the 3550 is checking to see if the client is on the same network, if the
> > client is not on the same network then those mac addresses will not match.
> >
> > If the client is on the same network, yes I agree they should be the same,
> > since that is what the DHCP snooping feature is attempting to verify.
> >
> > HTH
> > J3
> >
> >
> > >From: "ccie2be" <ccie2be@nyc.rr.com>
> > >To: "Joe Smith" <j333smith@hotmail.com>, <ccielab@groupstudy.com>
> > >Subject: Re: mac address spoofing & dhcp snooping
> > >Date: Thu, 23 Dec 2004 09:35:34 -0500
> > >
> > >Hey Joe,
> > >
> > >Thanks for getting back to me on this.
> > >
> > >I should have been more clear but I was referring to the
> > >dhcp packet from the dhcp client to the first hop device
> > >which in this case would be a 3550 with dhcp snooping enabled
> > >and acting as a dhcp relay.
> > >
> > >What I want to confirm is this:
> > >
> > >As the dhcp packet leaves the dhcp client on its way
> > >to the dhcp server, the frame's source mac address will ALWAYS
> > >be the same as the client hardware address carried inside the
> > >frame unless one or the other of those mac addresses has been
> > >spoofed, true?
> > >
> > >Since the dhcp snooping process on the 3550 will always drop
> > >the frame if those 2 mac addresses are not the same, I just wanted to make
> > >sure that if the 3550 did drop the dhcp frame, I can correctly conclude that
> > >something is wrong because there's no legit reason those 2 addresses would
> > >be different.
> > >
> > >The situation I have in mind is when the mac address is set manually as is
> > >done sometimes in IBM centric IT shops. (This scenario is probably
> > >far-fetched but just wanted to make sure.)
> > >
> > >Thanks, Tim
> > >
> > >----- Original Message -----
> > >From: "Joe Smith" <j333smith@hotmail.com>
> > >To: <ccielab@groupstudy.com>
> > >Sent: Thursday, December 23, 2004 8:45 AM
> > >Subject: RE: mac address spoofing & dhcp snooping
> > >
> > >
> > > > When a packet is routed/forwarded the layer 2 header is stripped and
> > > > replaced. Therefore, if the packet is not from the local network the
> > > > source MAC address will be different than the MAC address in the DHCP
> > > > packet. And yes it is very easy to spoof a local network source MAC
> > > > address and/or change the mac address in the DHCP packet.
> > > >
> > > > J3
> > > >
> > > > >From: "ccie2be" <ccie2be@nyc.rr.com>
> > > > >Reply-To: "ccie2be" <ccie2be@nyc.rr.com>
> > > > >To: "Group Study" <ccielab@groupstudy.com>
> > > > >Subject: mac address spoofing & dhcp snooping
> > > > >Date: Wed, 22 Dec 2004 18:47:54 -0500
> > > > >
> > > > >Hi guys,
> > > > >
> > > > >Is it possible to spoof the source mac address of an outgoing frame?
> > > > >
> > > > >I ask because when dhcp snooping is enabled on a 3550, it checks
> > > > >to see if the source mac address of the frame is the same as the mac
> > > > >address inside the dhcp packet.
> > > > >
> > > > >If the 2 mac addresses are different, the 3550 will drop the packet.
> > > > >
> > > > >Besides spoofing the source mac address, are there any possible reasons
> > > > >the source mac address would be different from the mac address contained
> > > > >inside the packet?
> > > > >
> > > > >TIA, Tim
> > > > >
>
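
The comparison discussed in this thread, as an added example that is not part of the original messages and not the switch's own implementation: it parses a DHCP frame, reads the Ethernet source MAC, `chaddr`, `giaddr` and any Option 82 sub-options (circuit-id, remote-id), and models the untrusted-port decision. The function names, the MAC addresses and the Option 82 values are constructed for illustration, and the rule that a relayed packet (non-zero `giaddr` or Option 82 present) is dropped on an untrusted port is modelled on Cisco's documented DHCP snooping behaviour.

```python
import struct
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_dhcp_frame(frame: bytes) -> dict:
    """Extract the fields the check compares from an Ethernet/IPv4/UDP DHCP frame."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4
    bootp = frame[14 + ihl + 8:]  # skip the IPv4 header and the 8-byte UDP header
    if len(bootp) < 240 or bootp[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    fields = {"src_mac": frame[6:12], "giaddr": bootp[24:28],
              "chaddr": bootp[28:28 + bootp[2]], "opt82": {}}
    i = 240
    while i + 1 < len(bootp) and bootp[i] != 255:  # 255 is the end option
        if bootp[i] == 0:  # pad option carries no length byte
            i += 1
            continue
        code, body = bootp[i], bootp[i + 2:i + 2 + bootp[i + 1]]
        if code == 82:  # relay agent information: a list of sub-option TLVs
            j = 0
            while j + 2 <= len(body):
                fields["opt82"][body[j]] = body[j + 2:j + 2 + body[j + 1]]
                j += 2 + body[j + 1]
        i += 2 + len(body)
    return fields

def snooping_verdict(frame: bytes, trusted_port: bool = False) -> str:
    """Illustrative model of the untrusted-port checks (assumption, not vendor code)."""
    f = parse_dhcp_frame(frame)
    if trusted_port:
        return "forward"
    if f["giaddr"] != b"\x00" * 4 or f["opt82"]:
        return "drop: relayed packet on untrusted port"
    if f["src_mac"] != f["chaddr"]:
        return "drop: source MAC differs from chaddr"
    return "forward"

def build_frame(src_mac, chaddr, giaddr=b"\x00" * 4, options=b""):
    """Constructed sample DHCPDISCOVER frame; checksums are left at zero."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s192s", 1, 1, 6, 0, 0x1234, 0, 0x8000,
                        b"", b"", b"", giaddr, chaddr, b"")
    bootp += MAGIC + b"\x35\x01\x01" + options + b"\xff"
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0)
    ip = bytes([0x45]) + b"\x00" * 8 + b"\x11" + b"\x00" * 10
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip + udp + bootp

CLIENT, OTHER = bytes.fromhex("001122334455"), bytes.fromhex("00aabbccddee")  # constructed
OPT82 = b"\x52\x0c\x01\x04Gi07\x02\x04sw01"  # constructed circuit-id / remote-id
```

A frame built with `build_frame(OTHER, CLIENT, giaddr=bytes([10, 0, 0, 1]), options=OPT82)` stands in for a relayed request: the layer 2 source is the relay, not the client, and the Option 82 sub-options identify the inserting switch and port.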



This archive was generated by hypermail 2.1.4 : Mon Jan 03 2005 - 10:31:29 GMT-3