
Introduction of Bogus DHCP server to Network

rossdmcco
Level 1

We run an all-Cisco network with a 6500 core switch and 3500 access layer switches.

In one instance a customer had a VoIP gateway device plugged in improperly, and as a result all clients on that specific VLAN lose their regularly assigned IP addresses and pick up one from the VoIP gateway, which is set up to be a DHCP server.

Is there anything that can be done to prevent unauthorized DHCP servers from causing outages such as these?

3 Replies

Martin Parry
Level 3

Hi

The newer switches have a feature called DHCP snooping, which prevents unauthorised DHCP servers taking out your network. Unfortunately, I don't believe that your legacy 3500 switches will have support for this feature.

Details on DHCP snooping can be found here:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2970/software/release/12.1_19_ea1/configuration/guide/swdhcp82.html

paul.matthews
Level 5

TBH I don't think there is much you can do from where you are. As mentioned, DHCP snooping may help, but another aspect to consider: how big are your subnets? Smaller subnets would mean fewer users would be affected by an incident like this.

Thanks to both of you for your responses.

I realize this may be the case; however, I wanted to be certain.

I will read up on DHCP snooping and find out what I would need to put in place to mitigate incidents such as these.

Thanks again.
