{"id":30976,"date":"2025-06-26T12:58:02","date_gmt":"2025-06-26T05:58:02","guid":{"rendered":"https:\/\/interdata.vn\/blog\/?p=30976"},"modified":"2025-06-26T13:01:10","modified_gmt":"2025-06-26T06:01:10","slug":"dhcp-snooping-la-gi","status":"publish","type":"post","link":"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/","title":{"rendered":"DHCP Snooping l\u00e0 g\u00ec? H\u01b0\u1edbng d\u1eabn c\u1ea5u h\u00ecnh A-Z \u0111\u1ec3 b\u1ea3o v\u1ec7 m\u1ea1ng"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-white ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">N\u1ed8I DUNG<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#DHCP-Snooping-la-gi\" >DHCP Snooping l\u00e0 g\u00ec?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#Tai-sao-phai-su-dung-DHCP-Snooping\" >T\u1ea1i sao ph\u1ea3i s\u1eed d\u1ee5ng DHCP Snooping?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#Ngan-chan-Rogue-DHCP-Server\" >Ng\u0103n ch\u1eb7n Rogue DHCP Server<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#Chong-tan-cong-DHCP-Starvation\" >Ch\u1ed1ng t\u1ea5n c\u00f4ng DHCP Starvation<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#Co-che-hoat-dong-cua-DHCP-Snooping\" >C\u01a1 ch\u1ebf ho\u1ea1t \u0111\u1ed9ng c\u1ee7a DHCP Snooping<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#Trusted-Port-Cong-tin-cay\" >Trusted Port (C\u1ed5ng tin c\u1eady)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#Untrusted-Port-Cong-khong-tin-cay\" >Untrusted Port (C\u1ed5ng kh\u00f4ng tin c\u1eady)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#DHCP-Snooping-Binding-Database\" >DHCP Snooping Binding Database<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#Huong-dan-cau-hinh-DHCP-Snooping-tren-Switch-Cisco\" >H\u01b0\u1edbng d\u1eabn c\u1ea5u h\u00ecnh DHCP Snooping tr\u00ean Switch Cisco<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#Buoc-1-Kich-hoat-DHCP-Snooping-toan-cuc\" >B\u01b0\u1edbc 1: K\u00edch ho\u1ea1t DHCP Snooping to\u00e0n c\u1ee5c<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#Buoc-2-Kich-hoat-cho-VLAN-cu-the\" >B\u01b0\u1edbc 2: K\u00edch ho\u1ea1t cho VLAN c\u1ee5 th\u1ec3<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#Buoc-3-Cau-hinh-cong-Trusted\" >B\u01b0\u1edbc 3: C\u1ea5u h\u00ecnh c\u1ed5ng Trusted<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#Buoc-4-Tuy-chon-Gioi-han-Rate-limit\" >B\u01b0\u1edbc 4: (T\u00f9y ch\u1ecdn) Gi\u1edbi h\u1ea1n Rate-limit<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#Buoc-5-Cac-lenh-kiem-tra-va-xac-minh\" >B\u01b0\u1edbc 5: C\u00e1c l\u1ec7nh ki\u1ec3m tra v\u00e0 x\u00e1c minh<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#Moi-quan-he-giua-DHCP-Snooping-va-cac-tinh-nang-khac\" >M\u1ed1i quan h\u1ec7 gi\u1eefa DHCP Snooping v\u00e0 c\u00e1c t\u00ednh n\u0103ng kh\u00e1c<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#Dynamic-ARP-Inspection-DAI\" >Dynamic ARP Inspection (DAI)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#IP-Source-Guard-IPSG\" >IP Source Guard (IPSG)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#Cau-hoi-thuong-gap-FAQ\" >C\u00e2u h\u1ecfi th\u01b0\u1eddng g\u1eb7p (FAQ)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/interdata.vn\/blog\/dhcp-snooping-la-gi\/#Tong-ket\" >T\u1ed5ng k\u1ebft<\/a><\/li><\/ul><\/nav><\/div>\n<p>Vi\u1ec7c b\u1ea3o v\u1ec7 l\u1edbp truy c\u1eadp l\u00e0 tuy\u1ebfn ph\u00f2ng th\u1ee7 \u0111\u1ea7u ti\u00ean v\u00e0 quan tr\u1ecdng nh\u1ea5t trong an ninh m\u1ea1ng. DHCP Snooping ch\u00ednh l\u00e0 c\u00f4ng c\u1ee5 thi\u1ebft y\u1ebfu gi\u00fap b\u1ea1n th\u1ef1c hi\u1ec7n nhi\u1ec7m v\u1ee5 n\u00e0y, b\u1eb1ng c\u00e1ch ng\u0103n ch\u1eb7n c\u00e1c m\u00e1y ch\u1ee7 DHCP gi\u1ea3 m\u1ea1o v\u00e0 nhi\u1ec1u h\u00ecnh th\u1ee9c t\u1ea5n c\u00f4ng kh\u00e1c. B\u00e0i vi\u1ebft c\u1ee7a InterData s\u1ebd gi\u1ea3i th\u00edch to\u00e0n di\u1ec7n t\u1eeb kh\u00e1i ni\u1ec7m, c\u01a1 ch\u1ebf ho\u1ea1t \u0111\u1ed9ng, \u0111\u1ebfn h\u01b0\u1edbng d\u1eabn c\u1ea5u h\u00ecnh chi ti\u1ebft v\u00e0 m\u1ed1i li\u00ean h\u1ec7 v\u1edbi c\u00e1c c\u00f4ng ngh\u1ec7 b\u1ea3o m\u1eadt kh\u00e1c.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"DHCP-Snooping-la-gi\"><\/span>DHCP Snooping l\u00e0 g\u00ec?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>DHCP Snooping l\u00e0 m\u1ed9t t\u00ednh n\u0103ng b\u1ea3o m\u1eadt tr\u00ean c\u00e1c thi\u1ebft b\u1ecb chuy\u1ec3n m\u1ea1ch (switch) gi\u00fap b\u1ea3o v\u1ec7 m\u1ea1ng kh\u1ecfi c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng li\u00ean quan \u0111\u1ebfn DHCP, \u0111\u1eb7c bi\u1ec7t l\u00e0 DHCP spoofing (gi\u1ea3 m\u1ea1o m\u00e1y ch\u1ee7 DHCP) v\u00e0 DHCP starvation (l\u00e0m c\u1ea1n ki\u1ec7t \u0111\u1ecba ch\u1ec9 IP). N\u00f3 ho\u1ea1t \u0111\u1ed9ng b\u1eb1ng c\u00e1ch ki\u1ec3m tra c\u00e1c g\u00f3i tin DHCP v\u00e0 ch\u1ec9 cho ph\u00e9p l\u01b0u l\u01b0\u1ee3ng DHCP h\u1ee3p l\u1ec7 t\u1eeb c\u00e1c ngu\u1ed3n \u0111\u00e1ng tin c\u1eady.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/06\/DHCP-Snooping.jpg\" alt=\"DHCP Snooping\" width=\"600\" height=\"400\" class=\"aligncenter size-full wp-image-30979\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/06\/DHCP-Snooping.jpg 600w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/06\/DHCP-Snooping-300x200.jpg 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>M\u1ee5c \u0111\u00edch ch\u00ednh c\u1ee7a t\u00ednh n\u0103ng n\u00e0y l\u00e0 l\u1ecdc v\u00e0 x\u00e1c th\u1ef1c c\u00e1c g\u00f3i tin <a href=\"https:\/\/interdata.vn\/blog\/dhcp-la-gi\/\">DHCP (Dynamic Host Configuration Protocol)<\/a> trong m\u1ed9t m\u1ea1ng LAN. B\u1eb1ng c\u00e1ch n\u00e0y, b\u1ea1n \u0111\u1ea3m b\u1ea3o r\u1eb1ng ch\u1ec9 c\u00e1c m\u00e1y ch\u1ee7 DHCP h\u1ee3p l\u1ec7 m\u1edbi c\u00f3 th\u1ec3 c\u1ea5p ph\u00e1t \u0111\u1ecba ch\u1ec9 IP cho c\u00e1c thi\u1ebft b\u1ecb ng\u01b0\u1eddi d\u00f9ng cu\u1ed1i (client).<\/p>\n<p>V\u1ec1 b\u1ea3n ch\u1ea5t, switch s\u1ebd &#8220;nghe l\u00e9n&#8221; c\u00e1c cu\u1ed9c trao \u0111\u1ed5i DHCP gi\u1eefa client v\u00e0 server. Switch s\u1ebd x\u00e2y d\u1ef1ng m\u1ed9t c\u01a1 s\u1edf d\u1eef li\u1ec7u tin c\u1eady v\u1ec1 c\u00e1c thi\u1ebft b\u1ecb trong m\u1ea1ng, sau \u0111\u00f3 s\u1eed d\u1ee5ng th\u00f4ng tin n\u00e0y \u0111\u1ec3 \u0111\u01b0a ra quy\u1ebft \u0111\u1ecbnh cho ph\u00e9p ho\u1eb7c t\u1eeb ch\u1ed1i c\u00e1c g\u00f3i tin DHCP kh\u00f4ng h\u1ee3p l\u1ec7. \u0110i\u1ec1u n\u00e0y t\u1ea1o ra m\u1ed9t l\u1edbp ch\u1eafn b\u1ea3o v\u1ec7 v\u1eefng ch\u1eafc ngay t\u1ea1i c\u1ed5ng k\u1ebft n\u1ed1i c\u1ee7a ng\u01b0\u1eddi d\u00f9ng.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Tai-sao-phai-su-dung-DHCP-Snooping\"><\/span>T\u1ea1i sao ph\u1ea3i s\u1eed d\u1ee5ng DHCP Snooping?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Vi\u1ec7c kh\u00f4ng tri\u1ec3n khai DHCP Snooping s\u1ebd t\u1ea1o ra nh\u1eefng l\u1ed7 h\u1ed5ng nghi\u00eam tr\u1ecdng, khi\u1ebfn h\u1ec7 th\u1ed1ng m\u1ea1ng d\u1ec5 d\u00e0ng tr\u1edf th\u00e0nh m\u1ee5c ti\u00eau c\u1ee7a c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng tinh vi. Nh\u1eefng r\u1ee7i ro n\u00e0y kh\u00f4ng ch\u1ec9 g\u00e2y gi\u00e1n \u0111o\u1ea1n d\u1ecbch v\u1ee5 m\u00e0 c\u00f2n c\u00f3 th\u1ec3 d\u1eabn \u0111\u1ebfn m\u1ea5t m\u00e1t d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m. Hai m\u1ed1i \u0111e d\u1ecda ph\u1ed5 bi\u1ebfn nh\u1ea5t m\u00e0 DHCP Snooping tr\u1ef1c ti\u1ebfp gi\u1ea3i quy\u1ebft l\u00e0 Rogue DHCP Server v\u00e0 DHCP Starvation.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Ngan-chan-Rogue-DHCP-Server\"><\/span>Ng\u0103n ch\u1eb7n Rogue DHCP Server<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Rogue DHCP Server l\u00e0 m\u1ed9t m\u00e1y ch\u1ee7 DHCP kh\u00f4ng \u0111\u01b0\u1ee3c \u1ee7y quy\u1ec1n, \u0111\u01b0\u1ee3c k\u1ebb t\u1ea5n c\u00f4ng ho\u1eb7c ng\u01b0\u1eddi d\u00f9ng v\u00f4 t\u00ecnh k\u1ebft n\u1ed1i v\u00e0o m\u1ea1ng. Khi m\u1ed9t client g\u1eedi y\u00eau c\u1ea7u c\u1ea5p IP, m\u00e1y ch\u1ee7 gi\u1ea3 m\u1ea1o n\u00e0y c\u00f3 th\u1ec3 tr\u1ea3 l\u1eddi nhanh h\u01a1n m\u00e1y ch\u1ee7 h\u1ee3p l\u1ec7 v\u00e0 cung c\u1ea5p th\u00f4ng tin c\u1ea5u h\u00ecnh IP sai l\u1ec7ch cho client.<\/p>\n<p>H\u1eadu qu\u1ea3 c\u1ee7a vi\u1ec7c n\u00e0y c\u1ef1c k\u1ef3 nguy hi\u1ec3m. K\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 cung c\u1ea5p m\u1ed9t \u0111\u1ecba ch\u1ec9 Default Gateway v\u00e0 DNS Server gi\u1ea3 m\u1ea1o, t\u1eeb \u0111\u00f3 chuy\u1ec3n h\u01b0\u1edbng to\u00e0n b\u1ed9 l\u01b0u l\u01b0\u1ee3ng truy c\u1eadp c\u1ee7a ng\u01b0\u1eddi d\u00f9ng qua m\u00e1y c\u1ee7a ch\u00fang. K\u1ef9 thu\u1eadt n\u00e0y \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0 t\u1ea5n c\u00f4ng Man-in-the-Middle (MITM), cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng nghe l\u00e9n, \u0111\u00e1nh c\u1eafp th\u00f4ng tin \u0111\u0103ng nh\u1eadp, d\u1eef li\u1ec7u t\u00e0i ch\u00ednh v\u00e0 c\u00e1c th\u00f4ng tin nh\u1ea1y c\u1ea3m kh\u00e1c.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Chong-tan-cong-DHCP-Starvation\"><\/span>Ch\u1ed1ng t\u1ea5n c\u00f4ng DHCP Starvation<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DHCP Starvation l\u00e0 m\u1ed9t d\u1ea1ng t\u1ea5n c\u00f4ng T\u1eeb ch\u1ed1i d\u1ecbch v\u1ee5 (Denial of Service &#8211; DoS). K\u1ebb t\u1ea5n c\u00f4ng s\u1eed d\u1ee5ng m\u1ed9t c\u00f4ng c\u1ee5 t\u1ef1 \u0111\u1ed9ng \u0111\u1ec3 li\u00ean t\u1ee5c g\u1eedi \u0111i c\u00e1c g\u00f3i tin DHCP Discover v\u1edbi \u0111\u1ecba ch\u1ec9 MAC gi\u1ea3 m\u1ea1o. M\u1ed7i y\u00eau c\u1ea7u n\u00e0y s\u1ebd chi\u1ebfm m\u1ed9t \u0111\u1ecba ch\u1ec9 IP trong d\u1ea3i c\u1ea5p ph\u00e1t (scope) c\u1ee7a m\u00e1y ch\u1ee7 DHCP h\u1ee3p l\u1ec7.<\/p>\n<p>Qu\u00e1 tr\u00ecnh n\u00e0y di\u1ec5n ra li\u00ean t\u1ee5c cho \u0111\u1ebfn khi to\u00e0n b\u1ed9 d\u1ea3i IP b\u1ecb chi\u1ebfm d\u1ee5ng h\u1ebft. K\u1ebft qu\u1ea3 l\u00e0 c\u00e1c client h\u1ee3p l\u1ec7 khi k\u1ebft n\u1ed1i v\u00e0o m\u1ea1ng s\u1ebd kh\u00f4ng th\u1ec3 nh\u1eadn \u0111\u01b0\u1ee3c \u0111\u1ecba ch\u1ec9 IP, d\u1eabn \u0111\u1ebfn vi\u1ec7c kh\u00f4ng th\u1ec3 truy c\u1eadp v\u00e0o t\u00e0i nguy\u00ean m\u1ea1ng hay Internet. Cu\u1ed9c t\u1ea5n c\u00f4ng n\u00e0y c\u00f3 th\u1ec3 g\u00e2y t\u00ea li\u1ec7t ho\u1ea1t \u0111\u1ed9ng c\u1ee7a m\u1ed9t b\u1ed9 ph\u1eadn ho\u1eb7c to\u00e0n b\u1ed9 doanh nghi\u1ec7p.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Co-che-hoat-dong-cua-DHCP-Snooping\"><\/span>C\u01a1 ch\u1ebf ho\u1ea1t \u0111\u1ed9ng c\u1ee7a DHCP Snooping<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0110\u1ec3 hi\u1ec3u c\u00e1ch DHCP Snooping b\u1ea3o v\u1ec7 m\u1ea1ng, ch\u00fang ta c\u1ea7n n\u1eafm r\u00f5 c\u01a1 ch\u1ebf ph\u00e2n lo\u1ea1i c\u1ed5ng v\u00e0 c\u00e1ch n\u00f3 x\u00e2y d\u1ef1ng c\u01a1 s\u1edf d\u1eef li\u1ec7u \u0111\u00e1ng tin c\u1eady. Switch s\u1ebd coi c\u00e1c c\u1ed5ng c\u1ee7a n\u00f3 l\u00e0 m\u1ed9t trong hai lo\u1ea1i: Trusted (Tin c\u1eady) ho\u1eb7c Untrusted (Kh\u00f4ng tin c\u1eady).<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/06\/DHCP-Snooping-01.jpg\" alt=\"DHCP Snooping\" width=\"600\" height=\"338\" class=\"aligncenter size-full wp-image-30977\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/06\/DHCP-Snooping-01.jpg 600w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/06\/DHCP-Snooping-01-300x169.jpg 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>S\u1ef1 ph\u00e2n lo\u1ea1i n\u00e0y l\u00e0 y\u1ebfu t\u1ed1 c\u1ed1t l\u00f5i. Switch s\u1ebd \u00e1p \u0111\u1eb7t c\u00e1c quy t\u1eafc kh\u00e1c nhau l\u00ean t\u1eebng lo\u1ea1i c\u1ed5ng \u0111\u1ec3 ki\u1ec3m so\u00e1t lu\u1ed3ng th\u00f4ng \u0111i\u1ec7p DHCP, \u0111\u1ea3m b\u1ea3o ch\u1ec9 c\u00f3 th\u00f4ng tin t\u1eeb ngu\u1ed3n h\u1ee3p l\u1ec7 \u0111\u01b0\u1ee3c ph\u00e9p l\u01b0u th\u00f4ng trong m\u1ea1ng.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Trusted-Port-Cong-tin-cay\"><\/span>Trusted Port (C\u1ed5ng tin c\u1eady)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Trusted Port l\u00e0 c\u1ed5ng \u0111\u01b0\u1ee3c c\u1ea5u h\u00ecnh \u0111\u1ec3 k\u1ebft n\u1ed1i \u0111\u1ebfn m\u1ed9t m\u00e1y ch\u1ee7 DHCP h\u1ee3p l\u1ec7 ho\u1eb7c m\u1ed9t switch kh\u00e1c c\u00f3 \u0111\u01b0\u1eddng uplink d\u1eabn \u0111\u1ebfn m\u00e1y ch\u1ee7 DHCP. Switch s\u1ebd tin t\u01b0\u1edfng ho\u00e0n to\u00e0n m\u1ecdi g\u00f3i tin DHCP \u0111\u1ebfn t\u1eeb c\u1ed5ng n\u00e0y, bao g\u1ed3m c\u1ea3 c\u00e1c g\u00f3i tin Offer v\u00e0 Acknowledgment (th\u00f4ng \u0111i\u1ec7p t\u1eeb ph\u00eda server). C\u1ed5ng Trusted \u0111\u01b0\u1ee3c ph\u00e9p chuy\u1ec3n ti\u1ebfp t\u1ea5t c\u1ea3 c\u00e1c lo\u1ea1i th\u00f4ng \u0111i\u1ec7p DHCP m\u00e0 kh\u00f4ng b\u1ecb ki\u1ec3m tra.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Untrusted-Port-Cong-khong-tin-cay\"><\/span>Untrusted Port (C\u1ed5ng kh\u00f4ng tin c\u1eady)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>M\u1eb7c \u0111\u1ecbnh, t\u1ea5t c\u1ea3 c\u00e1c c\u1ed5ng tr\u00ean switch \u0111\u1ec1u l\u00e0 Untrusted Port. \u0110\u00e2y l\u00e0 c\u00e1c c\u1ed5ng k\u1ebft n\u1ed1i tr\u1ef1c ti\u1ebfp \u0111\u1ebfn thi\u1ebft b\u1ecb c\u1ee7a ng\u01b0\u1eddi d\u00f9ng cu\u1ed1i nh\u01b0 m\u00e1y t\u00ednh, \u0111i\u1ec7n tho\u1ea1i, m\u00e1y in. C\u00e1c c\u1ed5ng n\u00e0y b\u1ecb \u00e1p \u0111\u1eb7t c\u00e1c quy t\u1eafc nghi\u00eam ng\u1eb7t: ch\u00fang ch\u1ec9 \u0111\u01b0\u1ee3c ph\u00e9p g\u1eedi \u0111i c\u00e1c y\u00eau c\u1ea7u t\u1eeb ph\u00eda client (DHCP Discover, Request). B\u1ea5t k\u1ef3 g\u00f3i tin DHCP n\u00e0o mang t\u00ednh ch\u1ea5t &#8220;ph\u1ea3n h\u1ed3i t\u1eeb server&#8221; (DHCP Offer, Ack) \u0111\u1ebfn t\u1eeb m\u1ed9t c\u1ed5ng Untrusted s\u1ebd b\u1ecb switch lo\u1ea1i b\u1ecf ngay l\u1eadp t\u1ee9c.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DHCP-Snooping-Binding-Database\"><\/span>DHCP Snooping Binding Database<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0110\u00e2y ch\u00ednh l\u00e0 &#8220;b\u1ed9 n\u00e3o&#8221; c\u1ee7a t\u00ednh n\u0103ng. Khi m\u1ed9t client tr\u00ean c\u1ed5ng Untrusted th\u1ef1c hi\u1ec7n th\u00e0nh c\u00f4ng qu\u00e1 tr\u00ecnh xin c\u1ea5p IP t\u1eeb m\u1ed9t server h\u1ee3p l\u1ec7 (th\u00f4ng qua c\u1ed5ng Trusted), switch s\u1ebd ghi l\u1ea1i th\u00f4ng tin c\u1ee7a giao d\u1ecbch n\u00e0y v\u00e0o m\u1ed9t b\u1ea3ng g\u1ecdi l\u00e0 DHCP Snooping Binding Database. B\u1ea3ng n\u00e0y ch\u1ee9a c\u00e1c th\u00f4ng tin quan tr\u1ecdng:<\/p>\n<ul>\n<li>\u0110\u1ecba ch\u1ec9 MAC c\u1ee7a client<\/li>\n<li>\u0110\u1ecba ch\u1ec9 IP \u0111\u01b0\u1ee3c c\u1ea5p<\/li>\n<li>Th\u1eddi gian cho thu\u00ea (lease time)<\/li>\n<li>Lo\u1ea1i Binding (dhcp-snooping)<\/li>\n<li>S\u1ed1 VLAN c\u1ee7a client<\/li>\n<li>C\u1ed5ng (interface) m\u00e0 client \u0111ang k\u1ebft n\u1ed1i<\/li>\n<\/ul>\n<p>B\u1ea3ng d\u1eef li\u1ec7u n\u00e0y kh\u00f4ng ch\u1ec9 d\u00f9ng cho DHCP Snooping m\u00e0 c\u00f2n l\u00e0 n\u1ec1n t\u1ea3ng cho c\u00e1c t\u00ednh n\u0103ng b\u1ea3o m\u1eadt n\u00e2ng cao kh\u00e1c nh\u01b0 Dynamic ARP Inspection v\u00e0 IP Source Guard.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Huong-dan-cau-hinh-DHCP-Snooping-tren-Switch-Cisco\"><\/span>H\u01b0\u1edbng d\u1eabn c\u1ea5u h\u00ecnh DHCP Snooping tr\u00ean Switch Cisco<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Ph\u1ea7n n\u00e0y s\u1ebd h\u01b0\u1edbng d\u1eabn b\u1ea1n c\u00e1c b\u01b0\u1edbc c\u1ea5u h\u00ecnh chi ti\u1ebft tr\u00ean m\u1ed9t thi\u1ebft b\u1ecb Switch Cisco, c\u00f3 th\u1ec3 \u00e1p d\u1ee5ng tr\u00ean c\u1ea3 thi\u1ebft b\u1ecb th\u1eadt v\u00e0 ph\u1ea7n m\u1ec1m gi\u1ea3 l\u1eadp Cisco Packet Tracer. Ch\u00fang t\u00f4i s\u1ebd s\u1eed d\u1ee5ng c\u00e1c c\u00e2u l\u1ec7nh trong m\u00f4i tr\u01b0\u1eddng Cisco IOS.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-1-Kich-hoat-DHCP-Snooping-toan-cuc\"><\/span>B\u01b0\u1edbc 1: K\u00edch ho\u1ea1t DHCP Snooping to\u00e0n c\u1ee5c<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0110\u1ea7u ti\u00ean, b\u1ea1n c\u1ea7n truy c\u1eadp v\u00e0o ch\u1ebf \u0111\u1ed9 c\u1ea5u h\u00ecnh to\u00e0n c\u1ee5c (global configuration mode) v\u00e0 b\u1eadt t\u00ednh n\u0103ng DHCP Snooping cho to\u00e0n b\u1ed9 switch.<\/p>\n<pre><code class=\"language-plaintext\">Switch&gt; enable\r\nSwitch# configure terminal\r\nSwitch(config)# ip dhcp snooping<\/code><\/pre>\n<p>L\u1ec7nh n\u00e0y s\u1ebd k\u00edch ho\u1ea1t c\u01a1 ch\u1ebf snooping, nh\u01b0ng n\u00f3 ch\u01b0a c\u00f3 hi\u1ec7u l\u1ef1c cho \u0111\u1ebfn khi b\u1ea1n \u00e1p d\u1ee5ng cho m\u1ed9t VLAN c\u1ee5 th\u1ec3.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-2-Kich-hoat-cho-VLAN-cu-the\"><\/span>B\u01b0\u1edbc 2: K\u00edch ho\u1ea1t cho VLAN c\u1ee5 th\u1ec3<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Ti\u1ebfp theo, b\u1ea1n c\u1ea7n ch\u1ec9 \u0111\u1ecbnh VLAN n\u00e0o s\u1ebd \u0111\u01b0\u1ee3c \u00e1p d\u1ee5ng ch\u00ednh s\u00e1ch DHCP Snooping. B\u1ea1n c\u00f3 th\u1ec3 \u00e1p d\u1ee5ng cho m\u1ed9t ho\u1eb7c nhi\u1ec1u VLAN t\u00f9y theo thi\u1ebft k\u1ebf m\u1ea1ng. V\u00ed d\u1ee5, \u0111\u1ec3 b\u1eadt cho VLAN 10:<\/p>\n<pre><code class=\"language-plaintext\">Switch(config)# ip dhcp snooping vlan 10<\/code><\/pre>\n<p>N\u1ebfu b\u1ea1n c\u00f3 nhi\u1ec1u VLAN, b\u1ea1n c\u00f3 th\u1ec3 ch\u1ec9 \u0111\u1ecbnh m\u1ed9t d\u1ea3i, v\u00ed d\u1ee5: <code>ip dhcp snooping vlan 10,20,30<\/code> ho\u1eb7c <code>ip dhcp snooping vlan 10-30<\/code>.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-3-Cau-hinh-cong-Trusted\"><\/span>B\u01b0\u1edbc 3: C\u1ea5u h\u00ecnh c\u1ed5ng Trusted<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0110\u00e2y l\u00e0 b\u01b0\u1edbc quan tr\u1ecdng nh\u1ea5t. B\u1ea1n ph\u1ea3i x\u00e1c \u0111\u1ecbnh c\u1ed5ng n\u00e0o tr\u00ean switch k\u1ebft n\u1ed1i \u0111\u1ebfn DHCP Server h\u1ee3p l\u1ec7 v\u00e0 c\u1ea5u h\u00ecnh n\u00f3 l\u00e0 c\u1ed5ng tin c\u1eady. N\u1ebfu b\u1ea1n qu\u00ean b\u01b0\u1edbc n\u00e0y, t\u1ea5t c\u1ea3 c\u00e1c g\u00f3i tin ph\u1ea3n h\u1ed3i t\u1eeb server s\u1ebd b\u1ecb ch\u1eb7n v\u00e0 kh\u00f4ng client n\u00e0o c\u00f3 th\u1ec3 nh\u1eadn \u0111\u01b0\u1ee3c IP.<\/p>\n<p>Gi\u1ea3 s\u1eed DHCP Server \u0111\u01b0\u1ee3c k\u1ebft n\u1ed1i qua c\u1ed5ng GigabitEthernet0\/1:<\/p>\n<pre><code class=\"language-plaintext\">Switch(config)# interface GigabitEthernet0\/1\r\nSwitch(config-if)# ip dhcp snooping trust\r\nSwitch(config-if)# exit<\/code><\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-4-Tuy-chon-Gioi-han-Rate-limit\"><\/span>B\u01b0\u1edbc 4: (T\u00f9y ch\u1ecdn) Gi\u1edbi h\u1ea1n Rate-limit<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0110\u1ec3 ch\u1ed1ng l\u1ea1i cu\u1ed9c t\u1ea5n c\u00f4ng DHCP Starvation, b\u1ea1n c\u00f3 th\u1ec3 gi\u1edbi h\u1ea1n s\u1ed1 l\u01b0\u1ee3ng g\u00f3i tin DHCP m\u00e0 m\u1ed9t c\u1ed5ng Untrusted c\u00f3 th\u1ec3 x\u1eed l\u00fd m\u1ed7i gi\u00e2y. M\u1ee9c gi\u1edbi h\u1ea1n h\u1ee3p l\u00fd th\u01b0\u1eddng l\u00e0 t\u1eeb 15 \u0111\u1ebfn 20 packets per second (pps).<\/p>\n<pre><code class=\"language-plaintext\">Switch(config)# interface range FastEthernet0\/1 - 24\r\nSwitch(config-if-range)# ip dhcp snooping limit rate 15\r\nSwitch(config-if-range)# exit<\/code><\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-5-Cac-lenh-kiem-tra-va-xac-minh\"><\/span>B\u01b0\u1edbc 5: C\u00e1c l\u1ec7nh ki\u1ec3m tra v\u00e0 x\u00e1c minh<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sau khi ho\u00e0n t\u1ea5t c\u1ea5u h\u00ecnh, b\u1ea1n c\u1ea7n s\u1eed d\u1ee5ng c\u00e1c l\u1ec7nh <code>show<\/code> \u0111\u1ec3 ki\u1ec3m tra v\u00e0 \u0111\u1ea3m b\u1ea3o m\u1ecdi th\u1ee9 ho\u1ea1t \u0111\u1ed9ng ch\u00ednh x\u00e1c.<\/p>\n<p>\u0110\u1ec3 xem tr\u1ea1ng th\u00e1i chung c\u1ee7a DHCP Snooping v\u00e0 c\u00e1c c\u1ed5ng \u0111\u01b0\u1ee3c c\u1ea5u h\u00ecnh Trusted:<\/p>\n<pre><code class=\"language-plaintext\">Switch# show ip dhcp snooping<\/code><\/pre>\n<p>\u0110\u1ec3 xem n\u1ed9i dung c\u1ee7a b\u1ea3ng Binding Database sau khi client \u0111\u00e3 nh\u1eadn IP:<\/p>\n<pre><code class=\"language-plaintext\">Switch# show ip dhcp snooping binding<\/code><\/pre>\n<p>K\u1ebft qu\u1ea3 c\u1ee7a l\u1ec7nh n\u00e0y s\u1ebd hi\u1ec3n th\u1ecb danh s\u00e1ch c\u00e1c client \u0111ang ho\u1ea1t \u0111\u1ed9ng v\u1edbi \u0111\u1ea7y \u0111\u1ee7 th\u00f4ng tin MAC, IP, v\u00e0 c\u1ed5ng k\u1ebft n\u1ed1i.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Moi-quan-he-giua-DHCP-Snooping-va-cac-tinh-nang-khac\"><\/span>M\u1ed1i quan h\u1ec7 gi\u1eefa DHCP Snooping v\u00e0 c\u00e1c t\u00ednh n\u0103ng kh\u00e1c<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>DHCP Snooping kh\u00f4ng ho\u1ea1t \u0111\u1ed9ng m\u1ed9t m\u00ecnh. B\u1ea3ng Binding Database m\u00e0 n\u00f3 t\u1ea1o ra l\u00e0 m\u1ed9t ngu\u1ed3n th\u00f4ng tin v\u00f4 gi\u00e1, l\u00e0m ti\u1ec1n \u0111\u1ec1 cho hai t\u00ednh n\u0103ng b\u1ea3o m\u1eadt Layer 2 c\u1ef1c k\u1ef3 m\u1ea1nh m\u1ebd kh\u00e1c.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/06\/DHCP-Snooping-02.jpg\" alt=\"DHCP Snooping\" width=\"600\" height=\"289\" class=\"aligncenter size-full wp-image-30978\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/06\/DHCP-Snooping-02.jpg 600w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/06\/DHCP-Snooping-02-300x145.jpg 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Dynamic-ARP-Inspection-DAI\"><\/span>Dynamic ARP Inspection (DAI)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DAI l\u00e0 t\u00ednh n\u0103ng ch\u1ed1ng l\u1ea1i c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng gi\u1ea3 m\u1ea1o ARP (ARP Spoofing\/Poisoning). N\u00f3 ki\u1ec3m tra m\u1ecdi g\u00f3i tin ARP trong m\u1ea1ng. \u0110\u1ec3 x\u00e1c th\u1ef1c m\u1ed9t g\u00f3i tin ARP, DAI s\u1ebd \u0111\u1ed1i chi\u1ebfu th\u00f4ng tin \u0111\u1ecba ch\u1ec9 IP v\u00e0 MAC trong g\u00f3i tin \u0111\u00f3 v\u1edbi c\u00e1c m\u1ee5c c\u00f3 trong DHCP Snooping Binding Database. N\u1ebfu th\u00f4ng tin kh\u1edbp, g\u00f3i tin \u0111\u01b0\u1ee3c cho qua. N\u1ebfu kh\u00f4ng, g\u00f3i tin s\u1ebd b\u1ecb lo\u1ea1i b\u1ecf.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"IP-Source-Guard-IPSG\"><\/span>IP Source Guard (IPSG)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>IPSG cung c\u1ea5p kh\u1ea3 n\u0103ng l\u1ecdc l\u01b0u l\u01b0\u1ee3ng d\u1ef1a tr\u00ean \u0111\u1ecba ch\u1ec9 IP ngu\u1ed3n. Khi \u0111\u01b0\u1ee3c b\u1eadt tr\u00ean m\u1ed9t c\u1ed5ng, IPSG ch\u1ec9 cho ph\u00e9p l\u01b0u l\u01b0\u1ee3ng t\u1eeb m\u1ed9t \u0111\u1ecba ch\u1ec9 IP v\u00e0 MAC c\u1ee5 th\u1ec3 \u0111i qua. Th\u00f4ng tin v\u1ec1 c\u1eb7p IP-MAC h\u1ee3p l\u1ec7 n\u00e0y c\u0169ng \u0111\u01b0\u1ee3c l\u1ea5y tr\u1ef1c ti\u1ebfp t\u1eeb DHCP Snooping Binding Database. T\u00ednh n\u0103ng n\u00e0y gi\u00fap ng\u0103n ch\u1eb7n vi\u1ec7c m\u1ed9t client t\u1ef1 \u00fd \u0111\u1eb7t IP t\u0129nh ho\u1eb7c gi\u1ea3 m\u1ea1o IP c\u1ee7a m\u1ed9t thi\u1ebft b\u1ecb kh\u00e1c trong m\u1ea1ng.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cau-hoi-thuong-gap-FAQ\"><\/span>C\u00e2u h\u1ecfi th\u01b0\u1eddng g\u1eb7p (FAQ)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>DHCP Snooping ho\u1ea1t \u0111\u1ed9ng \u1edf t\u1ea7ng n\u00e0o?<\/strong><\/p>\n<p>DHCP Snooping l\u00e0 m\u1ed9t t\u00ednh n\u0103ng b\u1ea3o m\u1eadt ho\u1ea1t \u0111\u1ed9ng \u1edf T\u1ea7ng 2 (Data Link) c\u1ee7a m\u00f4 h\u00ecnh OSI, v\u00ec n\u00f3 \u0111\u01b0\u1ee3c tri\u1ec3n khai v\u00e0 x\u1eed l\u00fd tr\u1ef1c ti\u1ebfp tr\u00ean c\u00e1c thi\u1ebft b\u1ecb chuy\u1ec3n m\u1ea1ch (switch).<\/p>\n<p><strong>C\u1ed5ng Untrusted c\u00f3 ch\u1eb7n h\u1ebft g\u00f3i tin DHCP kh\u00f4ng?<\/strong><\/p>\n<p>Kh\u00f4ng. C\u1ed5ng Untrusted \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf th\u00f4ng minh \u0111\u1ec3 ch\u1ec9 ch\u1eb7n c\u00e1c g\u00f3i tin ph\u1ea3n h\u1ed3i t\u1eeb ph\u00eda server (nh\u01b0 DHCPOFFER, DHCPACK). N\u00f3 v\u1eabn cho ph\u00e9p c\u00e1c g\u00f3i tin y\u00eau c\u1ea7u t\u1eeb ph\u00eda client (nh\u01b0 DHCPDISCOVER, DHCPREQUEST) \u0111i qua \u0111\u1ec3 ch\u00fang c\u00f3 th\u1ec3 \u0111\u1ebfn \u0111\u01b0\u1ee3c DHCP Server h\u1ee3p l\u1ec7.<\/p>\n<p><strong>C\u00f3 c\u1ea7n c\u1ea5u h\u00ecnh DHCP Snooping tr\u00ean t\u1ea5t c\u1ea3 Switch kh\u00f4ng?<\/strong><\/p>\n<p>\u0110\u1ec3 \u0111\u1ea3m b\u1ea3o hi\u1ec7u qu\u1ea3 b\u1ea3o v\u1ec7 cao nh\u1ea5t, b\u1ea1n n\u00ean c\u1ea5u h\u00ecnh DHCP Snooping tr\u00ean t\u1ea5t c\u1ea3 c\u00e1c switch truy c\u1eadp (access switches) \u2013 n\u01a1i ng\u01b0\u1eddi d\u00f9ng cu\u1ed1i k\u1ebft n\u1ed1i tr\u1ef1c ti\u1ebfp v\u00e0o. Vi\u1ec7c n\u00e0y t\u1ea1o ra m\u1ed9t ch\u00ednh s\u00e1ch b\u1ea3o m\u1eadt \u0111\u1ed3ng nh\u1ea5t v\u00e0 bao ph\u1ee7 to\u00e0n b\u1ed9 l\u1edbp truy c\u1eadp c\u1ee7a m\u1ea1ng.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Tong-ket\"><\/span>T\u1ed5ng k\u1ebft<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Vi\u1ec7c tri\u1ec3n khai DHCP Snooping kh\u00f4ng c\u00f2n l\u00e0 m\u1ed9t l\u1ef1a ch\u1ecdn m\u00e0 \u0111\u00e3 tr\u1edf th\u00e0nh y\u00eau c\u1ea7u b\u1eaft bu\u1ed9c \u0111\u1ed1i v\u1edbi m\u1ed9t h\u1ec7 th\u1ed1ng m\u1ea1ng an to\u00e0n. B\u1eb1ng c\u00e1ch x\u00e1c th\u1ef1c c\u00e1c ngu\u1ed3n c\u1ea5p ph\u00e1t IP v\u00e0 x\u00e2y d\u1ef1ng m\u1ed9t c\u01a1 s\u1edf d\u1eef li\u1ec7u tin c\u1eady, b\u1ea1n c\u00f3 th\u1ec3 v\u00f4 hi\u1ec7u h\u00f3a hi\u1ec7u qu\u1ea3 c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng ph\u1ed5 bi\u1ebfn, b\u1ea3o v\u1ec7 d\u1eef li\u1ec7u v\u00e0 \u0111\u1ea3m b\u1ea3o t\u00ednh li\u00ean t\u1ee5c trong ho\u1ea1t \u0111\u1ed9ng c\u1ee7a ng\u01b0\u1eddi d\u00f9ng.<\/p>\n<p>T\u1ea1i <a href=\"https:\/\/interdata.vn\/\">InterData<\/a>, ch\u00fang t\u00f4i khuy\u1ebfn kh\u00edch m\u1ecdi qu\u1ea3n tr\u1ecb vi\u00ean m\u1ea1ng h\u00e3y d\u00e0nh th\u1eddi gian \u0111\u1ec3 hi\u1ec3u v\u00e0 \u00e1p d\u1ee5ng t\u00ednh n\u0103ng m\u1ea1nh m\u1ebd n\u00e0y. N\u1ebfu c\u00f3 b\u1ea5t k\u1ef3 th\u1eafc m\u1eafc n\u00e0o trong qu\u00e1 tr\u00ecnh c\u1ea5u h\u00ecnh, h\u00e3y \u0111\u1ec3 l\u1ea1i b\u00ecnh lu\u1eadn b\u00ean d\u01b0\u1edbi, \u0111\u1ed9i ng\u0169 chuy\u00ean gia c\u1ee7a ch\u00fang t\u00f4i lu\u00f4n s\u1eb5n s\u00e0ng h\u1ed7 tr\u1ee3 b\u1ea1n.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Vi\u1ec7c b\u1ea3o v\u1ec7 l\u1edbp truy c\u1eadp l\u00e0 tuy\u1ebfn ph\u00f2ng th\u1ee7 \u0111\u1ea7u ti\u00ean v\u00e0 quan tr\u1ecdng nh\u1ea5t trong an ninh m\u1ea1ng. DHCP Snooping ch\u00ednh l\u00e0 c\u00f4ng c\u1ee5 thi\u1ebft y\u1ebfu gi\u00fap b\u1ea1n th\u1ef1c hi\u1ec7n nhi\u1ec7m v\u1ee5 n\u00e0y, b\u1eb1ng c\u00e1ch ng\u0103n ch\u1eb7n c\u00e1c m\u00e1y ch\u1ee7 DHCP gi\u1ea3 m\u1ea1o v\u00e0 nhi\u1ec1u h\u00ecnh th\u1ee9c t\u1ea5n c\u00f4ng kh\u00e1c. B\u00e0i vi\u1ebft c\u1ee7a<\/p>\n","protected":false},"author":2,"featured_media":30979,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[151],"tags":[],"class_list":["post-30976","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mang"],"_links":{"self":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/30976","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/comments?post=30976"}],"version-history":[{"count":2,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/30976\/revisions"}],"predecessor-version":[{"id":30981,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/30976\/revisions\/30981"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media\/30979"}],"wp:attachment":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media?parent=30976"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/categories?post=30976"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/tags?post=30976"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}