Preventing/Eliminating Rogue DHCP Server

Unanswered Question
Jan 13th, 2010

Hi All!

Is there any possibilities on how to prevent or even stop a rogue DHCP server giving bad IP addresses?

We have a ligitimate DHCP server on our campus LAN that gives the right IP address for our dhcp client workstations but sometimes, a rogue DHCP server is up and also gives bad ip addresses.

How can this be eliminated? We cannot find the rogue dhcp server.

Please help.

Thanks to you all!!!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ganesh Hariharan Wed, 01/13/2010 - 01:50


DHCP snooping ensures IP integrity on a Layer 2 switched domain.With DHCP snooping, only a whitelist of IP addresses may access the network. The whitelist is configured at the switch port level, and the DHCP server manages the access control. Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could wreak havoc in the network or even control it.

Check out the below link for configuring dhcp snooping in LAN hope that helps out your query !!




This Discussion