DHCP/Duplication of IP address on LAN

Answered Question
Aug 16th, 2008
Hi


Is there any mechanism in a Cisco switch that can prevent duplication of IP addresses on the LAN, e.g. the port gets disabled by itself?

Secondly, is there any mechanism that can prevent rogue DHCP servers?

Recently I visited a university network where students on purpose install DHCP servers or tools that can act like DHCP servers, which caused duplications or sometimes a different range of IP addressing on the network.

Correct Answer by Marwan ALshawi about 8 years 8 months ago

For preventing rogue DHCP servers, there is a feature in Cisco switches called DHCP snooping.

This feature prevents any port from sending DHCP offers unless it is considered trusted based on the configuration.

So all ports will be untrusted except ports that are connected to a DHCP server and links between switches.

This is in brief.

This feature also builds a database on the switch that contains the client IP from the DHCP and the MAC address on that port.

This DHCP snooping database can be used with another feature called IP Source Guard, which prevents any IP address that is not in that database; in other words, the IP must be in the database mapped to a MAC address.

So if someone tries to pretend to be someone else by using a spoofed IP, they will not be able to do that.


good luck


please, if helpful rate

Marwan ALshawi Sat, 08/16/2008 - 08:21
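
The setup described in the answer above, as an added Cisco IOS configuration example that is not part of the original post. VLAN 10, the interface numbers and the rate value are assumptions, and the exact `ip verify source` syntax varies by Catalyst platform.

```cisco
! Constructed example: VLAN 10 and all interface numbers are assumptions.
! Enable DHCP snooping globally, then on the access VLAN.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Trusted: the port facing the legitimate DHCP server.
interface GigabitEthernet0/1
 description DHCP server
 ip dhcp snooping trust
!
! Trusted: the link to another switch.
interface GigabitEthernet0/24
 description Uplink to another switch
 ip dhcp snooping trust
!
! Untrusted (the default): user access ports. DHCP server messages such
! as offers arriving on these ports are dropped.
interface range GigabitEthernet0/2 - 23
 switchport mode access
 switchport access vlan 10
 ! Cap DHCP packets per second; exceeding it err-disables the port.
 ip dhcp snooping limit rate 15
 ! IP Source Guard: permit only source IPs that have an entry in the
 ! DHCP snooping binding database for this port.
 ip verify source
!
! Verification (privileged EXEC):
!   show ip dhcp snooping
!   show ip dhcp snooping binding
!   show ip verify source
```

Hosts with statically assigned addresses never obtain a lease, so they have no entry in the snooping database and IP Source Guard drops their traffic unless a static entry is added with `ip source binding`.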