How do you stop multiple DHCP requests from a host

Feb 3rd, 2009

I have a host on the network that makes multiple DHCP requests in rapid succession. We have since moved the DHCP pool from a 2800 router running 12.4(22)T to a Windows 2003 server. The Windows server has a DHCP option to limit 1 DHCP request per MAC address. Is there a similar command in Cisco IOS that can do this?

Otherwise the rogue host uses up all addresses in the DHCP pool, as seen below:

Internet 172.21.2.29 8 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.30 8 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.31 7 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.32 7 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.33 7 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.35 6 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.36 6 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.37 5 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.38 5 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.39 5 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.40 4 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.41 4 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.42 3 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.43 3 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.46 3 0080.9f63.217b ARPA FastEthernet0/0.1

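As an added example that is not part of the original thread: a small Python script that parses the `show ip arp` output quoted in the question and flags any MAC address holding more than a handful of addresses, which is what a starved pool looks like from the router's side. The regex and the default threshold are assumptions about the output format, and the row for 0011.2233.4455 is a constructed well-behaved host added for contrast.

```python
import re
from collections import defaultdict

# One row of Cisco IOS "show ip arp": Protocol Address Age(min) Hardware-Addr Type Interface
ARP_ROW = re.compile(
    r"^\s*Internet\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<age>\d+|-)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA\s+(?P<intf>\S+)",
    re.IGNORECASE,
)

def parse_arp(text):
    """Group every parsable row by MAC: {mac: sorted list of IPs}."""
    by_mac = defaultdict(set)
    for line in text.splitlines():
        m = ARP_ROW.match(line)
        if m:
            by_mac[m["mac"].lower()].add(m["ip"])
    return {mac: sorted(ips, key=lambda ip: tuple(map(int, ip.split("."))))
            for mac, ips in by_mac.items()}

def suspicious_macs(text, threshold=3):
    """MACs holding more than `threshold` addresses. Two or three entries
    (secondary IPs, a hypervisor) is normal; one MAC spread across a dozen
    addresses of one subnet is the pool-exhaustion pattern in the question."""
    return {mac: ips for mac, ips in parse_arp(text).items()
            if len(ips) > threshold}

# The 15 ARP rows quoted above, plus one constructed well-behaved host (0011.2233.4455).
SAMPLE = """\
Internet 172.21.2.29 8 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.30 8 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.31 7 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.32 7 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.33 7 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.35 6 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.36 6 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.37 5 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.38 5 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.39 5 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.40 4 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.41 4 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.42 3 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.43 3 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.46 3 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.1 12 0011.2233.4455 ARPA FastEthernet0/0.1
"""

if __name__ == "__main__":
    for mac, ips in suspicious_macs(SAMPLE).items():
        print(f"{mac}: {len(ips)} addresses, {ips[0]} .. {ips[-1]}")
```

Run against a saved `show ip arp` capture, the output names the MAC to chase down before (or while) applying either of the fixes suggested in the replies below.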
BOGDAN OVIDIU S... Tue, 02/03/2009 - 11:57

Hi,

You can configure manual DHCP bindings for that host. In this way, for that MAC address you will assign only one IP address.

I think this will resolve your problem.

Here is a link from CiscoDocCD:

http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_dhcp_svr_cfg_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1155880


But, of course, you have to see why that host is doing this!!


All the best,


Bogdan

lamav Tue, 02/03/2009 - 18:45
User Badges:
  • Blue, 1500 points or more

Swaro:


There is a type of attack that can be launched to exhaust the DHCP pool in a network. This is called a DHCP starvation attack. It is typically launched by a machine that has been invaded and infected with a virus that would launch such an attack. The purpose is to use up all the IP addresses that your server has in its scope to offer network clients.


There is a mechanism that Cisco offers to mitigate such an attack and it is part of the DHCP Snooping solution.


In global config mode, type:


ip dhcp snooping


Under the x-Ethernet interface, type:


interface fastethernet 0/1

ip dhcp snooping limit 3


This will limit the number of DHCP requests that the switch will forward to the DHCP server that it receives from that particular port to 3 per second. You can limit it to one, if you feel it necessary.


HTH


Victor
