Introduction of Bogus DHCP server to Network

Sep 20th, 2007

We run an all-Cisco network with a 6500 core switch and 3500 access layer switches.


In one instance a customer had a VOIP gateway device plugged in improperly, and as a result all clients on that specific VLAN lose their regularly assigned IP address and pick up one from the VOIP gateway, which is set up to be a DHCP server.


Is there anything that can be done to prevent unauthorized DHCP servers from causing outages such as these?

Martin Parry Thu, 09/20/2007 - 07:59


Hi


The newer switches have a feature called dhcp snooping which prevents unauthorised DHCP servers taking out your network. Unfortunately I don't believe that your legacy 3500 switches will have support for this feature.


Details on dhcp snooping can be found here:


http://www.cisco.com/en/US/docs/switches/lan/catalyst2970/software/release/12.1_19_ea1/configuration/guide/swdhcp82.html
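
An added example, not part of the original post and not Cisco's implementation: a minimal Python model of the trust rule DHCP snooping applies, where server replies (OFFER, ACK, NAK) arriving on a port not marked trusted are dropped. The port names, addresses and packets are constructed, and a real switch also maintains a binding table and can rate-limit DHCP traffic, which this sketch omits.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"               # marks the start of DHCP options
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only servers send

def parse_dhcp(payload):
    """Return (op, message_type, server_id) from a raw BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    msg_type = server_id = None
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:               # DHCP message type
            msg_type = data[0]
        elif code == 54 and length == 4:             # server identifier
            server_id = str(ipaddress.IPv4Address(data))
        i += 2 + length
    return payload[0], msg_type, server_id

def snoop(port, payload, trusted_ports):
    """Return ('forward', None) or ('drop', reason) for a frame seen on `port`."""
    op, msg_type, server_id = parse_dhcp(payload)
    if (op == 2 or msg_type in SERVER_TYPES) and port not in trusted_ports:
        kind = SERVER_TYPES.get(msg_type, "BOOTREPLY")
        return "drop", f"{kind} from {server_id} on untrusted port {port}"
    return "forward", None

def build(op, msg_type, server_id=None):
    """Build a minimal DHCP payload (constructed sample data, not a capture)."""
    pkt = bytes([op, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + bytes([53, 1, msg_type])
    if server_id:
        pkt += bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed
    return pkt + b"\xff"

if __name__ == "__main__":
    trusted = {"Gi1/1"}                              # constructed: uplink to the real server
    frames = [("Fa0/5", build(1, 1)),                        # client DISCOVER
              ("Gi1/1", build(2, 2, "192.0.2.10")),          # legitimate OFFER
              ("Fa0/12", build(2, 2, "192.0.2.200"))]        # gateway handing out leases
    for port, payload in frames:
        print(port, snoop(port, payload, trusted))
```
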



paul.matthews Thu, 09/20/2007 - 08:05

TBH I don't think there is much you can do from where you are. As mentioned, DHCP snooping may help, but another aspect to consider - How big are your subnets? Smaller subnets would mean fewer users would be affected by an incident like this.

rossdmcco Thu, 09/20/2007 - 08:46

Thanks to both of you for your responses.


I realize this may be the case; however, I wanted to be certain.


I will read up on DHCP snooping and find out what I would need to put in place to mitigate incidents such as these.


Thanks again.


