dhcp

Unanswered Question
Siddharth Chand... Thu, 08/12/2010 - 11:12

a. There is no easy way. But you can do some troubleshooting to try to find out where it resides.

b. Note down the ip address of the legitimate DHCP server on your network. (cmd  ipconfig/all) Take a couple of test workstations, from cmd you can do release/renew multiple times and see if the DHCP server ip changes to one that not the legitimate DHCP server.

c. So now that you know the ip of the rogue DHCP server, ping the ip from the switch. Then do a show arp . This will map the ip to a mac-address. Then do a show mac-address-table <>. This will map the mac-address to a port. Go on to the next networking device till you find the port the DHCP server is connected to.

d. Additionally, you can try to configure DHCP snooping which can prevent rougue DHCP servers to reply to DHCP requests.

Sid Chandrachud

TAC Security Solutions

Customer Support Engineer

Chad Peterson Tue, 08/17/2010 - 10:50

Just to add on to what Sid already said.  DHCP snooping will report where these rogue servers are.  We support it on just about all of our switches, so likely its an option...and overall its really easy to configure...even if you are just configuring it for an evening to find out where these rogues are.

Actions

This Discussion