DHCP authentication

May 1st, 2009

I want to turn a Cisco router into a DHCP server. Will it support authentication? I want to restrict the hosts which can get an address from the DHCP server.


Laurent Aubert Sun, 05/03/2009 - 10:03
User Badges:
  • Cisco Employee


There is no authentication mechanism embedded in the DHCP protocol.

You could do manual bindings and would need a pool per host. Use the client-identifier to bind your host to a pool:

ip dhcp pool POOL
 client-identifier 0100.1b77.66cf.55




The client-identifier for a Windows host is 01 prepended to the MAC address.
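
An added example (not part of the original post, and not Cisco's code): a short Python script that renders one manual-binding pool per allowed host, deriving the client-identifier as described in the post above. The `host` line, the subnet mask, the pool names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re


def client_identifier(mac: str) -> str:
    """Build the client-identifier for an Ethernet MAC address: 01 prepended
    to the six address bytes, written in dotted groups of four hex digits."""
    digits = re.sub(r"[.:\-\s]", "", mac).lower()   # accept aa:bb.., aa-bb.., aabb.ccdd..
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    cid = "01" + digits                              # 14 hex digits
    return ".".join(cid[i:i + 4] for i in range(0, len(cid), 4))


def manual_bindings(allowlist, mask="255.255.255.0"):
    """Render one manual-binding pool per (name, mac, ip) entry.
    Duplicate IPs or MACs are rejected so two hosts never share a binding."""
    seen_ips, seen_ids, lines = set(), set(), []
    for name, mac, ip in allowlist:
        addr = str(ipaddress.IPv4Address(ip))        # raises on a malformed address
        cid = client_identifier(mac)
        if addr in seen_ips or cid in seen_ids:
            raise ValueError(f"duplicate entry for {name}: {mac} / {ip}")
        seen_ips.add(addr)
        seen_ids.add(cid)
        lines += [
            f"ip dhcp pool {name}",
            f" host {addr} {mask}",                  # assumption: not shown in the post
            f" client-identifier {cid}",
            "!",
        ]
    return "\n".join(lines)


# Constructed sample allowlist (documentation addresses, hypothetical pool names).
ALLOWLIST = [
    ("HOST-A", "00:1B:77:66:CF:55", "192.0.2.10"),
    ("HOST-B", "0050.56ab.cdef", "192.0.2.11"),
]

if __name__ == "__main__":
    print(manual_bindings(ALLOWLIST))
```
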



sujitkr7cisco Sun, 05/03/2009 - 14:35

We can use an FTP server where the IP address and corresponding MAC address will be mentioned (.txt file). In this, when a user wants an IP through the DHCP server, it first goes to the FTP server (*.txt) and, after a match, gets the corresponding IP address.

Note: A static IP address always has more preference than a DHCP IP address.

Thanks,


c.captari Sun, 05/03/2009 - 17:28
User Badges:
  • Bronze, 100 points or more

You may want to have a look at DHCP snooping:


Basically this helps you define which interfaces are in trusted mode to receive DHCP conversations. It has a lot of features. I advise you to read the PDF.

From Cisco:

DHCP snooping is a DHCP security feature that provides security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding table. An untrusted message is a message that is received from outside the network or firewall and that can cause traffic attacks within your

The DHCP snooping binding table contains the MAC address, IP address, lease time, binding type, VLAN number, and interface information that corresponds to the local untrusted interfaces of a switch; it does not contain information regarding hosts interconnected with a trusted interface. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall. A trusted interface is an interface that is configured to receive only messages from within the network.

DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also gives you a way to differentiate between untrusted interfaces connected to the end-user and trusted interfaces connected to the DHCP server or another switch.

