How to block assigning a DHCP IP to a particular host

Unanswered Question
Apr 15th, 2008

I have an 1841 Cisco router as a DHCP server with 2 address pools, namely abc & xyz.

ip dhcp pool abc
 network 10.20.4.0 255.255.255.0
 default-router 10.20.4.1

ip dhcp pool xyz
 network 192.50.201.0 255.255.255.0
 default-router 192.50.201.1

The router is connected to a Cisco 2960 switch. It has 2 VLANs associated with the 2 address pools.

I have a manual binding to the server.

ip dhcp pool serv
 host 10.20.40.5
 client-identifier xxx.xxx.xxxx.xx

When I connect the server to a switch port which is associated with the abc pool, it gets the correct manually bound IP.

When I connect it to a switch port which is associated with the xyz pool, it gets an IP from that pool. But I want the router to assign only the bound IP when connected to a port associated with the abc pool. If the server is connected to the other VLAN port, then it should not get an IP.

How can I do this? Please help.





I think you could try:-


1) Create a dhcp pool in the xyz pool, but configure no information apart from the client-identifier. When the server tries to request an IP - the router will not assign one.


2) Create a MAC address filtering ACL in the VLAN sub-interface in the router for the xyz, blocking the server MAC address from accessing the router's MAC address.


The above are off the top of my head - I have not tested either of the above, you may want to.


HTH

prasanga123 Wed, 04/16/2008 - 23:57

Please explain what you mean by "Create a dhcp pool in the xyz pool" & how to do that.


I tried but could not do it.

I understand your 2nd option & I am sure that will work.

Thanks.

Just tested in the lab and option 1 will not work. You cannot assign a specific client host into a DHCP pool for an IP subnet.


Option 2 could still work.


Another option would be to use the vlan/switch port to bind the server into the specific vlan - something like port security would work.


Or the best solution would be not to move the server connection into a switch port in the other vlan.


HTH.
