Traditional Dynamic Host Configuration Protocol (DHCP) protocols implemented on Virtual Local Area Network (VLAN) networks are highly vulnerable to DHCP Starvation attacks due to the absence of device authentication mechanisms. This research aims to comparatively analyze the effectiveness level of DHCP Snooping and Port Security features on Cisco switches in maintaining the availability of IP Address allocation services. The research method was conducted experimentally through a multi-tiered network infrastructure simulation using Cisco Packet Tracer simulator. The testing evaluated two main scenarios: operational conditions without security and conditions with an active protection system. The measured testing parameters included the IP request packet rate (configured at a DHCP Snooping Limit Rate of 2 packets per second), the maximum number of MAC Addresses per physical port (configured for 1 address via Port Security), and the network disruption response time. The testing results indicated that in the unsecured scenario, the attack successfully exhausted 100% of the address pool allocation (254 IP Addresses) within 3 to 5 seconds, causing total service downtime for all legitimate users. Conversely, when the active protection system with a shutdown violation parameter was applied, the switch instantly isolated the attacker's physical port into an err-disable status in less than 1 second after detecting a violation. The research conclusion proves that the combination of these two features has a 100% effectiveness rate in maintaining addressing stability and protecting the integrity of VLAN network infrastructure from disruption.
Copyrights © 2026