An engineer is implementing DHCP security mechanisms and needs the ability to add additional attributes to profiles that are created within Cisco ISE. Which action accomplishes this task?
A. Define MAC-to-IP address mappings in the switch to ensure that rogue devices cannot get an IP address.
B. Use DHCP option 82 to ensure that the request is from a legitimate endpoint and send the information to Cisco ISE.
C. Modify the DHCP relay and point the IP address to Cisco ISE.
D. Configure DHCP snooping on the switch VLANs and trust the necessary interfaces.
DHCP option 82 is a feature that allows the network access device (NAD) to insert additional information into the DHCP request packet from the endpoint. This information can include the switch ID, port number, VLAN ID, and other attributes that can help Cisco ISE identify and profile the endpoint. Cisco ISE can use DHCP option 82 to assign the endpoint to the appropriate identity group, policy, and authorization profile. DHCP option 82 is also useful to prevent rogue DHCP servers from assigning IP addresses to endpoints, as Cisco ISE can verify the legitimacy of the DHCP request based on the option 82 data.

To use DHCP option 82, the NAD must be configured to enable this feature and send the option 82 data to Cisco ISE. Cisco ISE must also be configured to accept and parse the option 82 data from the NAD. For more details on how to configure DHCP option 82 on Cisco ISE and NAD, see the references below.

References:
Configuring the DHCP Probe
Securing Your Network From DHCP Risks
Can we use ISE as DHCP/DNS server to prevent guest traffic using …
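
The explanation above, as an added example that is not part of the original page or any Cisco code: a parser that pulls option 82 out of a DHCP options field and splits it into the RFC 3046 sub-options (1 = circuit ID, 2 = remote ID) that carry the switch and port attributes. The sample bytes are constructed, and the VLAN/module/port layout decoded from the circuit ID is an assumed switch encoding.

```python
import struct

PAD, END, RELAY_AGENT_INFO = 0, 255, 82
SUBOPTION_NAMES = {1: "circuit_id", 2: "remote_id"}  # RFC 3046 sub-option codes

def walk_tlv(buf, single_byte_codes=()):
    """Yield (code, value) pairs from a code/length/value byte string."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if code in single_byte_codes:      # pad and end carry no length byte
            if code == END:
                return
            i += 1
            continue
        if i + 2 > len(buf):
            raise ValueError("truncated header at offset %d" % i)
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:           # declared length runs past the buffer
            raise ValueError("option %d overruns buffer" % code)
        yield code, value
        i += 2 + length

def parse_option82(options):
    """Return option 82 sub-options as a dict, or None if no relay added them."""
    for code, value in walk_tlv(options, single_byte_codes=(PAD, END)):
        if code == RELAY_AGENT_INFO:
            return {SUBOPTION_NAMES.get(c, c): v for c, v in walk_tlv(value)}
    return None

def decode_circuit_id(circuit_id):
    """Assumed layout: type 0, length 4, VLAN (2 bytes), module, port."""
    if len(circuit_id) != 6 or circuit_id[:2] != b"\x00\x04":
        return None                        # unknown encoding: caller keeps raw bytes
    vlan, module, port = struct.unpack("!HBB", circuit_id[2:])
    return {"vlan": vlan, "module": module, "port": port}

# Constructed sample: options field of a relayed DHCPDISCOVER, after the magic cookie
SAMPLE = bytes.fromhex(
    "350101"                    # option 53: message type DISCOVER
    "0c066c6170746f70"          # option 12: hostname "laptop"
    "5212"                      # option 82, 18 bytes of sub-options
    "01060004000a0105"          # sub-option 1: VLAN 10, module 1, port 5
    "02080006001122334455"      # sub-option 2: relay MAC 00:11:22:33:44:55
    "ff")                       # end option

if __name__ == "__main__":
    info = parse_option82(SAMPLE)
    print(info, decode_circuit_id(info["circuit_id"]))
```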