08-12-2010 09:23 AM - edited 03-06-2019 12:27 PM
hi! how do i check which sw/port a rogue dhcp is connected in my switch?
thx
08-12-2010 11:12 AM
a. There is no easy way. But you can do some troubleshooting to try to find out where it resides.
b. Note down the ip address of the legitimate DHCP server on your network. (cmd ipconfig/all) Take a couple of test workstations, from cmd you can do release/renew multiple times and see if the DHCP server ip changes to one that not the legitimate DHCP server.
c. So now that you know the ip of the rogue DHCP server, ping the ip from the switch. Then do a show arp
d. Additionally, you can try to configure DHCP snooping which can prevent rougue DHCP servers to reply to DHCP requests.
Sid Chandrachud
TAC Security Solutions
Customer Support Engineer
08-17-2010 10:50 AM
Just to add on to what Sid already said. DHCP snooping will report where these rogue servers are. We support it on just about all of our switches, so likely its an option...and overall its really easy to configure...even if you are just configuring it for an evening to find out where these rogues are.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: