DHCP/Duplication of IP address on LAN

Answered Question
Aug 16th, 2008

Hi

Is there any mechanism in a Cisco switch that can prevent duplication of IP addresses on the LAN, e.g. the port gets disabled by itself?

Secondly, any mechanism that can prevent rogue DHCP servers?

Recently I visited a university network where students on purpose install DHCP servers, or tools that can act like DHCP servers, which caused duplications or sometimes a different range of IP addressing on the network.

Correct Answer by Marwan ALshawi about 8 years 3 months ago

For preventing a rogue DHCP server:

There is a feature in Cisco switches called DHCP snooping.

This feature prevents any port from sending DHCP offers unless it is considered trusted based on the configuration.

So all ports will be untrusted except ports that are connected to a DHCP server and links between switches.

This is in brief.

This feature also builds a database on the switch that contains the client IP from DHCP and the MAC address on that port.

This DHCP snooping database can be used with another feature called IP Source Guard,

which blocks any IP address that is not in that database; in other words, the IP must be in the database, mapped to a MAC address.

So if someone tries to pretend to be another one by using a spoofed IP, he will not be able to do that.

Good luck.

Please rate if helpful.

Overall Rating: 3 (1 ratings)
Marwan ALshawi Sat, 08/16/2008 - 08:21
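A minimal Cisco IOS configuration for the two features described in the answer above, added here as an illustration and not part of the original thread. The VLAN number, interface names and rate limit are assumptions chosen for the example.

```cisco
! Assumed topology (constructed for illustration):
!   VLAN 10                   = student access VLAN
!   GigabitEthernet1/0/24     = port facing the legitimate DHCP server / next switch
!   GigabitEthernet1/0/1      = ordinary access port

! Enable DHCP snooping globally, then for the VLAN to protect.
ip dhcp snooping
ip dhcp snooping vlan 10

! Trusted: only the DHCP server port and links between switches.
interface GigabitEthernet1/0/24
 description Uplink to DHCP server / other switch
 ip dhcp snooping trust

! Access ports stay untrusted (the default), so DHCP server replies
! arriving on them are dropped and never reach other clients.
interface GigabitEthernet1/0/1
 description Student access port
 switchport mode access
 switchport access vlan 10
 ! Limit DHCP packets per second accepted from this port.
 ip dhcp snooping limit rate 15
 ! IP Source Guard: permit only source IPs present in the
 ! DHCP snooping binding database for this port.
 ip verify source
end

! Verification (exec mode):
show ip dhcp snooping
show ip dhcp snooping binding
show ip verify source
```

Hosts with manually configured addresses have no entry in the snooping database, so on a port with IP Source Guard their traffic is dropped unless a static binding is added with `ip source binding`.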