How to Stop DHCP Snooping from unknown device

Unanswered Question
Apr 29th, 2008
User Badges:


Recently in one of our remote Network, there was an DHCP snooping from an unknown device(Netgear HUB) and this device has caused most of the device to have IP address from the Netgear HUB instead of the actual DHCP server. Due to this the Network went down.

IS there anyway to secure the LAN from such malicious devices ?

the entire LAN has 3560 access switches & 6506 as the Core switch, please advice to avoid such incidents in our Network.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
lindegcenst Tue, 04/29/2008 - 05:34
User Badges:


Thanks for your reply. Do i need to enable DHCP snooping in both the core & access switches or only in the core switch ? if only on the core switch, will it affect if a Netgear or Wireless AP running unknown DHCP Pool connected on VLAN Xyz provide IP(unknown IP) to the hosts connected on the same vlan Xyz.


mlund Tue, 04/29/2008 - 05:58
User Badges:
  • Silver, 250 points or more


In my opinion it's most important to enable it at the access-layer to prevent users to connect devices that offers dhcp.

If you have servers connected to the core-switch, I would implement it even in the core.



This Discussion