CLI – The following is an example of the MAC Based ACL CLI commands:
Console(config)#
4-306
Console(config-mac-al)#
4-307
Console (config-mac-acl)#
4-308
DHCP Snooping
DHCP Snooping expands network security by providing an extra layer of security
between untrusted interfaces and DHCP servers. By enabling DHCP Snooping
network administrators can identify between trusted interfaces connected to
end-users or DHCP Servers, and untrusted interface located beyond the network
firewall.
DHCP Snooping filters untrusted messages. DHCP Snooping creates and maintains
a DHCP Snooping Table which contains information received from untrusted
packets. Interfaces are untrusted if the packet is received from an interface from
outside the network or from a interface beyond the network firewall. Trusted
interfaces receive packets only from within the network or the network firewall.
The DHCP Snooping Table contains the untrusted interfaces MAC address, IP
address, Lease Time, VLAN ID, and interface information.
The DHCP section contains the following topics:
Figure 3-79. MAC Based ACL Page
mac access-list
permit
6:6:6:6:6:6 0:0:0:0:0:0
deny
66:66:66:66:66:66
macl-acl1
3
DHCP Snooping
any vlan
6
173