Verify that router is not allowing DHCP packets

Unanswered Question
Feb 27th, 2008

Hi all. I have an 1811 router that connects two dissimilar networks.


My question is, how can I verify that the 1811 is not allowing DHCP packets to pass through it? I realize that routers stop broadcasts, hence DHCP, but how can I verify that if a non-Cisco person wants proof that DHCP packets are being discarded at the ingress interface?


ciscograyaw Wed, 02/27/2008 - 12:11

DHCP operates using two mechanisms: the initial request for an address is indeed broadcast; however, subsequent transactions are unicast. Short of using IP helpers to forward the broadcast requests to a DHCP server, stopping the broadcast will stop that initial discovery.


If you want to make 100% sure DHCP doesn't cross the networks (this could happen in the case a mobile user already thinks it has an address, moves to the other network, and tries to renew by unicast), a simple ACL against UDP port 67 will stop that.
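
One way to apply the UDP port 67 ACL suggested in the reply above and produce evidence of the drops, as an added example that is not part of the original thread. The ACL name `BLOCK-DHCP-DEMO` and the choice of `FastEthernet0` as the ingress interface are assumptions.

```cisco
! Added example, not from the original thread.
! Assumptions: ACL name BLOCK-DHCP-DEMO and interface FastEthernet0
! are placeholders for the real ingress interface.
!
ip access-list extended BLOCK-DHCP-DEMO
 remark Drop and log anything addressed to the DHCP server port (UDP 67)
 deny   udp any any eq 67 log
 remark Leave all other traffic unchanged (an ACL ends in an implicit deny)
 permit ip any any
!
interface FastEthernet0
 ip access-group BLOCK-DHCP-DEMO in
!
! Verification, from privileged EXEC mode:
!
!   Per-entry match counters for the ACL:
!     show ip access-lists BLOCK-DHCP-DEMO
!
!   Confirm the ACL is bound inbound on the interface:
!     show ip interface FastEthernet0
!
!   Confirm no relay (IP helper) is configured that would forward
!   the broadcast requests to a DHCP server:
!     show running-config | include helper-address
!
!   Log entries generated by the "log" keyword on the deny entry:
!     show logging
```

The match count on the deny entry rises each time the ACL drops a packet addressed to UDP 67, and the `log` keyword records source and destination addresses for those drops.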
