Mohamed Sobair Tue, 01/20/2009 - 01:32

Hi,


You will need to implement (DHCP Snooping) and trust DHCP on the required uplinks and access ports.

Another way is to check the (IP Source Guard) feature.



Please have a look at the attached document.


HTH

Mohamed



rajeesh.kumar1@... Tue, 01/20/2009 - 22:04

Thanks, Mohamed. Is this feature available on all models?

Our model is 2600 series at layer two level.



Giuseppe Larosa Tue, 01/20/2009 - 01:36

Hello Rajeesh,

Security features like dynamic ARP inspection are available on several platforms.


On the basis of DAI, IP source guard and DHCP snooping are possible, and the latter is the specific tool to use to fight rogue DHCP servers.


See:


http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swdhcp82.html


http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swdynarp.html


Be aware that if you enable DHCP snooping, the default state for all ports is untrusted, so you need to declare as trusted the access ports where a legitimate DHCP server is connected and the uplinks from which another switch can see legitimate servers' answers.


Hope to help

Giuseppe
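
The trusted/untrusted port layout described in the replies above, as an added configuration example that is not part of the original thread. It uses the Catalyst 3750 IOS syntax from the guides linked above; VLAN 10, the interface numbers, the descriptions and the rate limit value are assumptions for illustration.

```cisco
! Constructed example: VLAN 10 and all interface names are assumptions.
! Enable DHCP snooping globally, then on the client VLAN.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Uplink through which another switch relays the legitimate server's answers.
interface GigabitEthernet1/0/49
 description uplink-to-distribution
 ip dhcp snooping trust
!
! Access port where a legitimate DHCP server is directly connected.
interface GigabitEthernet1/0/1
 description dhcp-server
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping trust
!
! Ordinary client port: no trust command, so it stays untrusted (the default)
! and DHCP server messages received on it are dropped.
interface GigabitEthernet1/0/10
 description user-port
 switchport mode access
 switchport access vlan 10
 ! Cap DHCP packets per second accepted from this port (value is an assumption).
 ip dhcp snooping limit rate 15
 ! IP Source Guard: filter source IPs against the DHCP snooping binding table.
 ip verify source
!
end
!
! Verification from privileged EXEC:
!   show ip dhcp snooping
!   show ip dhcp snooping binding
!   show ip verify source
```

IP Source Guard relies on the DHCP snooping binding table, so hosts with static addresses on a port with `ip verify source` need a static binding or their traffic is filtered.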

