How to Stop DHCP Snooping from unknown device

lindegcenst · ‎04-29-2008

Hi,

Recently in one of our remote Network, there was an DHCP snooping from an unknown device(Netgear HUB) and this device has caused most of the device to have IP address from the Netgear HUB instead of the actual DHCP server. Due to this the Network went down.

IS there anyway to secure the LAN from such malicious devices ?

the entire LAN has 3560 access switches & 6506 as the Core switch, please advice to avoid such incidents in our Network.

Thanks

mlund · ‎04-29-2008

Hi

With a feature called "ip dhcp snooping", have a look at this link, it explains how to do it.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/configuration/guide/swdhcp82.html

/Mikael

lindegcenst · ‎04-29-2008

Hi,

Thanks for your reply. Do i need to enable DHCP snooping in both the core & access switches or only in the core switch ? if only on the core switch, will it affect if a Netgear or Wireless AP running unknown DHCP Pool connected on VLAN Xyz provide IP(unknown IP) to the hosts connected on the same vlan Xyz.

/yoga

mlund · ‎04-29-2008

Hi

In my opinion it's most important to enable it at the access-layer to prevent users to connect devices that offers dhcp.

If you have servers connected to the core-switch, I would implement it even in the core.

/Mikael