02-03-2009 08:45 AM - edited 03-06-2019 03:50 AM
I have a host on the network that makes multiple DHCP requests in rapid succession. We have since moved the DHCP pool from a 2800 router running 12.4(22)T to a Windows 2003 server. The Windows server has a DHCP option to limit 1 DHCP request per mac-address. Is there a similar command in Cisco IOS that can do this?
Otherwise the rogue host uses up all addresses in the DHCP pool as seen below
Internet 172.21.2.29 8 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.30 8 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.31 7 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.32 7 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.33 7 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.35 6 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.36 6 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.37 5 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.38 5 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.39 5 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.40 4 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.41 4 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.42 3 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.43 3 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.46 3 0080.9f63.217b ARPA FastEthernet0/0.1
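The ARP output above shows the tell-tale sign of pool exhaustion: one MAC address holding many leases. The following Python is an added example (not from the original post) that parses IOS "show arp"-style output and flags any MAC holding more than a configurable number of addresses, so the same check can be run against a captured table; the sample input is constructed and modelled on the post.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the "show arp" output quoted in the post:
# one MAC holding four addresses alongside two ordinary hosts.
SAMPLE_ARP = """\
Internet 172.21.2.1   -  0019.aa11.bb01 ARPA FastEthernet0/0.1
Internet 172.21.2.10  2  0019.aa11.bb02 ARPA FastEthernet0/0.1
Internet 172.21.2.29  8  0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.30  8  0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.31  7  0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.32  7  0080.9f63.217b ARPA FastEthernet0/0.1
"""

# Protocol, IP, age (minutes or "-"), MAC in Cisco dotted form, type, interface.
ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>\S+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+ARPA\s+(?P<intf>\S+)"
)


def parse_arp(text):
    """Yield (ip, mac, interface) tuples from IOS 'show arp' style output."""
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            yield m.group("ip"), m.group("mac").lower(), m.group("intf")


def addresses_per_mac(text):
    """Map each MAC to the sorted list of IP addresses it currently holds."""
    held = defaultdict(set)
    for ip, mac, _intf in parse_arp(text):
        held[mac].add(ip)
    return {mac: sorted(ips, key=lambda s: tuple(map(int, s.split("."))))
            for mac, ips in held.items()}


def suspicious_macs(text, threshold=1):
    """Return MACs holding more than `threshold` addresses: the starvation pattern.

    A single station normally maps to one address; the default of 1 mirrors the
    'one lease per MAC' rule the post describes on the Windows DHCP server.
    """
    return {mac: ips for mac, ips in addresses_per_mac(text).items()
            if len(ips) > threshold}


if __name__ == "__main__":
    for mac, ips in suspicious_macs(SAMPLE_ARP).items():
        print(f"{mac} holds {len(ips)} addresses: {', '.join(ips)}")
```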
02-03-2009 11:57 AM
Hi,
You can configure manual DHCP bindings for that HOST. In this way for that MAC address you will assign only 1 IP address.
I think this will resolve your problem.
Here is a link from CiscoDocCD:
But, of course, you have to see why that host is doing this!!
All the best,
Bogdan
02-03-2009 06:45 PM
Swaro:
There is a type of attack that can be launched to exhaust the DHCP pool in a network. This is called a DHCP starvation attack. It is typically launched by a machine that has been invaded and infected with a virus that would launch such an attack. The purpose is to use up all the IP addresses that your server has in its scope to offer network clients.
There is a mechanism that Cisco offers to mitigate such an attack and it is part of the DHCP Snooping solution.
In global config mode, type:
ip dhcp snooping
Under the x-Ethernet interface, type:
interface fastethernet 0/1
ip dhcp snooping limit rate 3
This will limit the number of DHCP Requests that the switch will forward to the DHCP server that it receives from that particular port to 3 per second. You can limit it to one, if you feel it necessary.
HTH
Victor