Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3635
Views
5
Helpful
2
Replies

How do you stop multiple DHCP requests from a host

swaro2000
Level 1
Level 1

‎02-03-2009 08:45 AM - edited ‎03-06-2019 03:50 AM

I have a host on the network that makes multiple DHCP request in rapid succession. We have since moved the DHCP pool from a 2800 router running 12.4(22)T to a Windows 2003 server. The Windows server has a DHCP option to limit 1 DHCP request per mac-address. Is there a similar command in Cisco IOS that can do this?

Otherwise the rogue host uses up all addresses in the DHCP pool as seen below

Internet 172.21.2.29 8 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.30 8 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.31 7 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.32 7 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.33 7 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.35 6 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.36 6 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.37 5 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.38 5 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.39 5 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.40 4 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.41 4 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.42 3 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.43 3 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.46 3 0080.9f63.217b ARPA FastEthernet0/0.1

Labels:
0 Helpful
2 Replies 2

BOGDAN OVIDIU STANCIU
Level 1
Level 1

‎02-03-2009 11:57 AM

Hy,

You can configure manual DHCP bindings for that HOST. In this way for that MAC address you will assign only 1 IP address.

I think this will resolve your problem.

Here is a link from CiscoDocCD:

http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_dhcp_svr_cfg_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1155880

But, of course, you have to see why that host is doing this!!

All the best,

Bogdan

0 Helpful

lamav
Level 8
Level 8

‎02-03-2009 06:45 PM

Swaro:

There is a type of attack that can be launched to exhaust the DHCP pool in a network. This is called a DHCP starvation attack. It is typicaly launched by a machine that has been invaded and infected with a virus that would launch such an attack. The purpose is to use up all the IP addresses that your server has in its scope to offer network clients.

There is a mechanism that Cisco offers to mitigate such an attack and it is part of the DHCP Snooping solution.

In global config mode, type:

ip dhcp snooping

Under the x-Ethernet interface, type:

interface fastethernet 0/1

ip dhcp snooping limit 3

This will limit the number of DHCP Requests that the switch will forward to the DHCP server that it receives from that particular port to 3 per second. You can limit it to one, if you feel it necessary.

HTH

Victor

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card