How do you stop multiple DHCP requests from a host

Unanswered Question
Feb 3rd, 2009

I have a host on the network that makes multiple DHCP requests in rapid succession. We have since moved the DHCP pool from a 2800 router running 12.4(22)T to a Windows 2003 server. The Windows server has a DHCP option to limit 1 DHCP request per mac-address. Is there a similar command in Cisco IOS that can do this?

Otherwise the rogue host uses up all addresses in the DHCP pool, as seen below:

Internet 172.21.2.29 8 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.30 8 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.31 7 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.32 7 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.33 7 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.35 6 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.36 6 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.37 5 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.38 5 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.39 5 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.40 4 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.41 4 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.42 3 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.43 3 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.46 3 0080.9f63.217b ARPA FastEthernet0/0.1
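An added example, not part of the thread, that automates the check the output above was read by eye for: it parses `show ip arp` rows and reports any MAC address holding more than a set number of IP addresses on one interface, which is what a host re-requesting leases (or a DHCP starvation attempt) looks like in the ARP table. The sample rows are constructed in the same format as the output above; the second MAC and the incomplete entry are made up for the demonstration.

```python
import re
from collections import defaultdict

# One row of `show ip arp` output, as in the question above:
#   Internet 172.21.2.29   8   0080.9f63.217b  ARPA   FastEthernet0/0.1
# Age is in minutes; "-" marks the router's own interface address.
ARP_ROW = re.compile(
    r"^Internet\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<age>\d+|-)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(?P<type>\S+)\s+(?P<intf>\S+)\s*$",
    re.IGNORECASE,
)

def parse_arp(text):
    """Yield (ip, mac, interface) for each learned host entry; the header,
    the router's own address and 'Incomplete' entries do not match the pattern."""
    for line in text.splitlines():
        m = ARP_ROW.match(line.strip())
        if m and m.group("age") != "-":
            yield m.group("ip"), m.group("mac").lower(), m.group("intf")

def find_address_hogs(text, max_addresses=2):
    """Return {"mac@interface": sorted IPs} for every MAC that holds more than
    max_addresses ARP entries on one interface. A host re-requesting leases in
    rapid succession, or a DHCP starvation attack, shows up exactly like this."""
    per_mac = defaultdict(set)
    for ip, mac, intf in parse_arp(text):
        per_mac[(mac, intf)].add(ip)
    return {
        f"{mac}@{intf}": sorted(ips, key=lambda a: tuple(int(o) for o in a.split(".")))
        for (mac, intf), ips in per_mac.items()
        if len(ips) > max_addresses
    }

# Constructed sample in the same format as the question's output.
SAMPLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.21.2.1              -   0019.aabb.ccdd  ARPA   FastEthernet0/0.1
Internet  172.21.2.10             2   0011.2233.4455  ARPA   FastEthernet0/0.1
Internet  172.21.2.29             8   0080.9f63.217b  ARPA   FastEthernet0/0.1
Internet  172.21.2.30             8   0080.9f63.217b  ARPA   FastEthernet0/0.1
Internet  172.21.2.31             7   0080.9f63.217b  ARPA   FastEthernet0/0.1
Internet  172.21.2.32             7   0080.9f63.217b  ARPA   FastEthernet0/0.1
Internet  172.21.2.50             0   Incomplete      ARPA
"""

if __name__ == "__main__":
    for key, ips in find_address_hogs(SAMPLE).items():
        print(f"{key}: {len(ips)} addresses -> {', '.join(ips)}")
```

Feed it the full `show ip arp` output of the router (or a `show ip dhcp binding` dump with the regex adjusted) and raise the threshold to whatever a single legitimate host may hold on that segment.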

BOGDAN OVIDIU S... Tue, 02/03/2009 - 11:57

Hi,

You can configure manual DHCP bindings for that host. In this way, only one IP address will be assigned to that MAC address.

I think this will resolve your problem.

Here is a link from CiscoDocCD:

http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_dhcp_svr_cfg_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1155880

But, of course, you have to see why that host is doing this!!

All the best,

Bogdan

lamav Tue, 02/03/2009 - 18:45

Swaro:

There is a type of attack that can be launched to exhaust the DHCP pool in a network. This is called a DHCP starvation attack. It is typically launched by a machine that has been invaded and infected with a virus that would launch such an attack. The purpose is to use up all the IP addresses that your server has in its scope to offer network clients.

There is a mechanism that Cisco offers to mitigate such an attack and it is part of the DHCP Snooping solution.

In global config mode, type:

ip dhcp snooping

Under the x-Ethernet interface, type:

interface fastethernet 0/1
 ip dhcp snooping limit rate 3

This will limit the number of DHCP Requests that the switch will forward to the DHCP server that it receives from that particular port to 3 per second. You can limit it to one, if you feel it necessary.

HTH

Victor
