This is the Yusuf L2 attack presentation I am referring to: http://www.sanog.org/resources/sanog7/yusuf-L2-attack-mitigation.pdf
--
Ernesto Gonzalez G.

On Tue, Jun 19, 2012 at 10:20 AM, Ernesto González <[email protected]> wrote:

> Good day guys,
>
> I was looking for some clarification on when the "no ip dhcp snooping
> information option" command is required (to get task points) and when it
> isn't.
>
> There are two workarounds to the option 82 issue:
>
> 1. no ip dhcp snooping information option - SW
> 2. a. (globally) ip dhcp relay information trust-all - IOS DHCP Server
>    b. (interface) ip dhcp relay information trusted - IOS DHCP Server
>
> Now the scenarios:
>
> *Scenario#1 - IPSG*
>
> *NO ip dhcp snooping information option* - REQUIRED per Yusuf ex 8.4 Lab
> # 2 and Yusuf L2 Security presentation page 74
>
> *Scenario#2 - IPSG + mac-address validation (port-security)*
>
> *ip dhcp snooping information option* - REQUIRED per
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_44_se/configuration/guide/swdhcp82.html#wp1294425 and
> Yusuf L2 Security presentation page 74
> *ip dhcp relay information trusted* - REQUIRED
>
> *Scenario#3 - DAI*
>
> *NO ip dhcp snooping information option* - REQUIRED per Yusuf L2 Security
> presentation page 59
>
> Are these correct? Am I missing anything?
>
> Thanks for your assistance!!!
>
> --
> Ernesto Gonzalez G.
