Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
412
Views
0
Helpful
2
Replies

DHCP/Duplication of IP address on LAN

Go to solution
faisal_ghaus
Level 1
Level 1

‎08-16-2008 07:35 AM - edited ‎03-06-2019 12:50 AM

Hi

Is there any mechanism in Cisco Switch that can prevent duplication of IP address on LAN.eg like port gets disabled it self .

Secondly any mechanism that can prevent rouge DHCP servers.

recently I have visited a university network students on purpose install DHCP server or tools that can act like dhcp servers that caused duplications or some times different range of ip addressing on the network

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni

‎08-16-2008 08:21 AM

for preventing rouge DHCP server

there is feature in cisco switches called dhcp snooping

this feature prevent any port to send dhcp offers unless it consdered trused based on the configuration

so all port will be untrusted except ports that connected to a dhcp server and links between switches

this is in brief

and this feature also build a data base on the swtich that contain the client ip from the dhcp and the mak address in that port

this data base of dhcp snooping can be used with another feature called ip source gurd

which prevent any ip address that not in that data base in other words the ip must be in the data bse maped to mac address

so if some one try to pretend him self as another on by useing spoofed ip will not be able to do that

good luck

please, if helpful rate

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni

‎08-16-2008 08:21 AM

for preventing rouge DHCP server

there is feature in cisco switches called dhcp snooping

this feature prevent any port to send dhcp offers unless it consdered trused based on the configuration

so all port will be untrusted except ports that connected to a dhcp server and links between switches

this is in brief

and this feature also build a data base on the swtich that contain the client ip from the dhcp and the mak address in that port

this data base of dhcp snooping can be used with another feature called ip source gurd

which prevent any ip address that not in that data base in other words the ip must be in the data bse maped to mac address

so if some one try to pretend him self as another on by useing spoofed ip will not be able to do that

good luck

please, if helpful rate

0 Helpful

Go to solution
faisal_ghaus
Level 1
Level 1
In response to Marwan ALshawi

‎08-17-2008 05:22 AM

Hi

Thanks for the input

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card