Effectiveness Analysis of DHCP Snooping and Port Security Against DHCP Starvation Attacks on Cisco-based VLAN Networks

Authors

  • Rendy Adi Tama, Teknik Informatika, STMIK Widya Cipta Dharma
  • Muhammad Fahmi, Sistem Informasi, STMIK Widya Cipta Dharma
  • Ahmad Fahrijal Pukeng, Teknik Informatika, STMIK Widya Cipta Dharma

DOI:

https://doi.org/10.46984/nwxbne65

Keywords:

DHCP Starvation, DHCP Snooping, Port Security, VLAN, Cisco Packet Tracer.

Abstract

The Dynamic Host Configuration Protocol (DHCP), as traditionally deployed on Virtual Local Area Network (VLAN) networks, is highly vulnerable to DHCP Starvation attacks because it has no device authentication mechanism. This research comparatively analyzes the effectiveness of the DHCP Snooping and Port Security features on Cisco switches in maintaining the availability of the IP address allocation service. The research was conducted experimentally through a multi-tiered network infrastructure simulation in the Cisco Packet Tracer simulator. The testing evaluated two main scenarios: operation without security and operation with an active protection system. The measured parameters included the IP request packet rate (with the DHCP Snooping limit rate configured at 2 packets per second), the maximum number of MAC addresses per physical port (configured as 1 address via Port Security), and the network disruption response time. The results indicated that in the unsecured scenario, the attack exhausted 100% of the address pool (254 IP addresses) within 3 to 5 seconds, causing total service downtime for all legitimate users. Conversely, when the active protection system with the shutdown violation parameter was applied, the switch instantly isolated the attacker's physical port by placing it in err-disable status less than 1 second after detecting a violation. The research concludes that the combination of these two features has a 100% effectiveness rate in maintaining addressing stability and protecting the integrity of the VLAN network infrastructure from disruption.
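
The protection described in the abstract, written out as a Cisco IOS access-switch configuration; this is an added example, not the configuration used in the paper. VLAN 10, the interface names and the recovery interval are assumptions; the limit rate of 2 packets per second, the maximum of 1 MAC address and the shutdown violation mode are the values the abstract states.

```cisco
! Added example. VLAN 10 and all interface names are assumptions.
! Enable DHCP snooping globally, then on the protected VLAN.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Drop DHCP requests whose Ethernet source MAC differs from the client
! hardware address (chaddr) inside the DHCP payload. This is the IOS
! default. Port security counts only Ethernet source MACs, so this check
! is what covers requests that keep one source MAC but vary chaddr.
ip dhcp snooping verify mac-address
!
! Assumption about the server: if it rejects requests that carry option 82
! from a switch that is not a relay, stop the switch from inserting it.
no ip dhcp snooping information option
!
! Port toward the legitimate DHCP server: trusted, so server replies pass.
interface GigabitEthernet0/1
 description Uplink to DHCP server (assumed)
 ip dhcp snooping trust
!
! User-facing access ports: untrusted by default.
interface range FastEthernet0/1 - 24
 switchport mode access
 switchport access vlan 10
 ! More than 2 DHCP packets per second puts the port in err-disable.
 ip dhcp snooping limit rate 2
 ! A second source MAC on the port puts the port in err-disable.
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
! Optional: bring err-disabled ports back automatically after 300 seconds.
! Without these lines an administrator must run shutdown / no shutdown.
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Verification, from privileged EXEC mode:
!   show ip dhcp snooping
!   show ip dhcp snooping binding
!   show port-security interface FastEthernet0/1
!   show interfaces status err-disabled
```

Packet Tracer implements only a subset of IOS, so the errdisable recovery commands may not be accepted in the simulator.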

Published

2026-06-30

Section

Articles

How to Cite

“Effectiveness Analysis of DHCP Snooping and Port Security Against DHCP Starvation Attacks on Cisco-based VLAN Networks” (2026) Sebatik, 30(1), pp. 86–96. doi:10.46984/nwxbne65.