Netgear M5300-28G-POE+ (GSM7228PSv1h2) - 12-Port Managed Gigabit Switch Administrator's Guide
Security Management
Managed Switches
2.
Enable logging of the DHCP messages that the DHCP snooping application filters on port
1/0/27.
(Netgear Switch) (Interface 1/0/27)#ip dhcp snooping log-invalid
3.
Display the buffered logging output and search for “DHCP packet: op Reply” so you can
determine the IP address and MAC address of the rogue DHCP server.
(Netgear Switch) #show logging buffered
<12> Jan 1 05:45:02 172.26.2.129-1 DHCP_SNP[108612668]: ds_util.c(1777) 1112 %%
DHCP packet: op Reply, htype 1, hlen 6, hops 0, xid 3478478447, secs 0, ciaddr
0.0.0.0, yiaddr 10.100.4.14, server 10.100.5.253, giaddr 0.0.0.0, chaddr
6C:B0:CE:19:AE:3D.
<12> Jan 1 05:45:02 172.26.2.129-1 DHCP_SNP[108612668]: ds_util.c(1735) 1111 %% IP
packet: ver/hlen 0x45, tos 0, len 299, id 0, flags/offset 00, ttl 64, proto 17,
src 10.100.5.253, dst 255.255.255.255.
<12> Jan 1 05:45:02 172.26.2.129-1 DHCP_SNP[108612668]: ds_util.c(1702) 1110 %%
Ethernet header: dest FF:FF:FF:FF:FF:FF, src 00:26:F2:F6:B3:6C, type/len 0x8100.
<12> Jan 1 05:45:02 172.26.2.129-1 DHCP_SNP[108612668]: ds_main.c(2596) 1109 %%
DHCP snooping dropping DHCP server message received on untrusted interface 1/0/27 on
vlan 1. This message appears when DHCP Snooping untrusted port drops the DHCP Server
message.
In the previous example, the IP address of the DHCP server is 10.100.5.253 and the
MAC address is 00:26:F2:F6:B3:6C.
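As an added example (not code from the Netgear guide), the following Python parser automates the lookup described above: it reads "show logging buffered" text, orders the DHCP_SNP records by their sequence number (the switch prints newest first), and pairs each untrusted-port drop with the Ethernet, IP and DHCP header records that follow it, so the rogue server's IP and MAC are reported per interface. The sample log is constructed from the records above with each record joined onto a single line.

```python
import re

# Constructed sample, modelled on the "show logging buffered" output above;
# each syslog record is on one line, newest entries first as the switch prints them.
SAMPLE_LOG = """\
<12> Jan 1 05:45:02 172.26.2.129-1 DHCP_SNP[108612668]: ds_util.c(1777) 1112 %% DHCP packet: op Reply, htype 1, hlen 6, hops 0, xid 3478478447, secs 0, ciaddr 0.0.0.0, yiaddr 10.100.4.14, server 10.100.5.253, giaddr 0.0.0.0, chaddr 6C:B0:CE:19:AE:3D.
<12> Jan 1 05:45:02 172.26.2.129-1 DHCP_SNP[108612668]: ds_util.c(1735) 1111 %% IP packet: ver/hlen 0x45, tos 0, len 299, id 0, flags/offset 00, ttl 64, proto 17, src 10.100.5.253, dst 255.255.255.255.
<12> Jan 1 05:45:02 172.26.2.129-1 DHCP_SNP[108612668]: ds_util.c(1702) 1110 %% Ethernet header: dest FF:FF:FF:FF:FF:FF, src 00:26:F2:F6:B3:6C, type/len 0x8100.
<12> Jan 1 05:45:02 172.26.2.129-1 DHCP_SNP[108612668]: ds_main.c(2596) 1109 %% DHCP snooping dropping DHCP server message received on untrusted interface 1/0/27 on vlan 1.
"""

# Sequence number and message body of every DHCP_SNP record.
SEQ_RE = re.compile(r"DHCP_SNP\[\d+\]: \S+\(\d+\) (\d+) %% (.*)$")
DROP_RE = re.compile(r"dropping DHCP server message received on untrusted interface (\S+) on vlan (\d+)")
ETH_RE = re.compile(r"Ethernet header: dest \S+, src ([0-9A-Fa-f:]{17})")
IP_RE = re.compile(r"IP packet: .*?src (\d+\.\d+\.\d+\.\d+), dst")
DHCP_RE = re.compile(r"DHCP packet: op (\w+),.*? server (\d+\.\d+\.\d+\.\d+),")


def find_rogue_servers(log_text):
    """Return {interface: {"vlan", "server_ip", "server_mac", "drops"}}."""
    records = []
    for line in log_text.splitlines():
        m = SEQ_RE.search(line)
        if m:
            records.append((int(m.group(1)), m.group(2)))
    records.sort()  # oldest first: the drop record precedes its header dumps
    results = {}
    current = None
    for _, msg in records:
        d = DROP_RE.search(msg)
        if d:
            iface, vlan = d.groups()
            current = results.setdefault(
                iface, {"vlan": vlan, "server_ip": None, "server_mac": None, "drops": 0})
            current["drops"] += 1
            continue
        if current is None:  # header dump without a preceding drop record
            continue
        e, i, p = ETH_RE.search(msg), IP_RE.search(msg), DHCP_RE.search(msg)
        if e:
            current["server_mac"] = e.group(1)  # L2 source of the dropped frame
        elif i:
            current["server_ip"] = i.group(1)  # L3 source of the dropped frame
        elif p and p.group(1) == "Reply":
            current["dhcp_server_field"] = p.group(2)  # server id in the DHCP reply
    return results


if __name__ == "__main__":
    for iface, info in find_rogue_servers(SAMPLE_LOG).items():
        print(f"untrusted port {iface} vlan {info['vlan']}: "
              f"server {info['server_ip']} ({info['server_mac']}), drops {info['drops']}")
```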
Web Interface: Find a Rogue DHCP server
1.
Check the statistics on the untrusted ports:
a. Select Security > Control > DHCP Snooping > Statistics.
A screen similar to the following displays.
b. Determine if messages in the DHCP Server Msgs Rec’d column increase for any
port.
c. The previous figure shows that the messages increased for port 1/0/27, indicating
that the port is connected to a rogue DHCP server.