New Member

How to filter DHCP packets from/to a server?

Hi,

a power analyzer in my network is sending some packets that are unexpected and incorrectly recognized as DHCPOFFERs. As a workaround, I would like to filter those packets with my Cisco 3750 switch.

Suppose IP_POWER_ANALYZER is the IP address. What would be the best choice?

1. deny udp any IP_POWER_ANALYZER eq bootpc

2. deny udp any IP_POWER_ANALYZER eq bootpc; deny udp IP_POWER_ANALYZER any eq bootps

3. deny udp any eq bootpc IP_POWER_ANALYZER eq bootps

4. ?

Are 2. and 3. equivalent?

Thank you

2 REPLIES
Purple

How to filter DHCP packets from/to a server?

Hi,

1) denies any UDP packet sent to port 68 of the server

2 and 3 are not the same:

2) denies any UDP packet sent to port 68 of the server, and any UDP packet sent from the server to anywhere on port 67

3) denies any UDP packet from port 68 sent to the server on port 67

So:

1) the server won't receive DHCP packets from a server (OFFER, ACK, NACK)

2) the server won't receive any packets from a DHCP server, as in 1, but also won't send any DHCP client requests

3) the server won't receive DHCP client requests (DISCOVER, REQUEST)

So I think none of these is what you want; instead:

deny udp IP_POWER_ANALYZER eq bootps any eq bootpc

Regards.

Alain

Don't forget to rate helpful posts.
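To make the difference between the four entries concrete, here is an added example (not code from the thread or from Cisco) that models the fragment of IOS extended-ACL syntax used above and evaluates each candidate against a handful of constructed DHCP flows. The addresses (192.0.2.x), the flow names and the binding of the IP_POWER_ANALYZER placeholder are all assumptions made for the example.

```python
"""Evaluate the candidate ACEs from the thread against sample DHCP flows.

Added example, not from the original post or Cisco. It models only the
fragment of Cisco IOS extended-ACL syntax used in the thread:
    deny udp SRC [eq PORT] DST [eq PORT]
where SRC/DST is `any`, `host A.B.C.D`, or a bare address, and the named
ports bootps (67) and bootpc (68). All addresses and flows are constructed.
"""
from dataclasses import dataclass
from typing import Optional, Set

BOOTPS, BOOTPC = 67, 68
PORT_NAMES = {"bootps": BOOTPS, "bootpc": BOOTPC}

# Constructed sample addresses (TEST-NET-1), not from the thread.
IP_POWER_ANALYZER = "192.0.2.10"
REAL_SERVER = "192.0.2.1"
CLIENT = "192.0.2.50"
BROADCAST = "255.255.255.255"


@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Ace:
    src: str             # "any" or an address
    sport: Optional[int]  # None when no "eq" qualifier was given
    dst: str
    dport: Optional[int]

    def matches(self, f: Flow) -> bool:
        return (self.src in ("any", f.src)
                and (self.sport is None or self.sport == f.sport)
                and self.dst in ("any", f.dst)
                and (self.dport is None or self.dport == f.dport))


def parse_ace(text: str) -> Ace:
    """Parse one 'deny udp SRC [eq PORT] DST [eq PORT]' entry."""
    toks = text.split()
    if toks[:2] != ["deny", "udp"]:
        raise ValueError("only 'deny udp' entries are modelled: " + text)
    toks = toks[2:]

    def take_endpoint():
        addr = toks.pop(0)
        if addr == "host":               # IOS form for a single address
            addr = toks.pop(0)
        if addr == "IP_POWER_ANALYZER":  # placeholder used in the question
            addr = IP_POWER_ANALYZER
        port = None
        if toks and toks[0] == "eq":
            toks.pop(0)
            name = toks.pop(0)
            port = PORT_NAMES[name] if name in PORT_NAMES else int(name)
        return addr, port

    src, sport = take_endpoint()
    dst, dport = take_endpoint()
    return Ace(src, sport, dst, dport)


# The four candidates discussed in the thread (option 2 is two entries).
CANDIDATES = {
    "1": "deny udp any IP_POWER_ANALYZER eq bootpc",
    "2": "deny udp any IP_POWER_ANALYZER eq bootpc; "
         "deny udp IP_POWER_ANALYZER any eq bootps",
    "3": "deny udp any eq bootpc IP_POWER_ANALYZER eq bootps",
    "alain": "deny udp IP_POWER_ANALYZER eq bootps any eq bootpc",
}

# Constructed DHCP flows: the analyzer emitting bogus OFFERs, the real
# server talking to it, and ordinary traffic that must keep working.
FLOWS = [
    Flow("analyzer_offer_unicast", IP_POWER_ANALYZER, BOOTPS, CLIENT, BOOTPC),
    Flow("analyzer_offer_broadcast", IP_POWER_ANALYZER, BOOTPS, BROADCAST, BOOTPC),
    Flow("real_server_offer_to_analyzer", REAL_SERVER, BOOTPS, IP_POWER_ANALYZER, BOOTPC),
    Flow("client_request_to_analyzer", CLIENT, BOOTPC, IP_POWER_ANALYZER, BOOTPS),
    Flow("analyzer_discover_broadcast", IP_POWER_ANALYZER, BOOTPC, BROADCAST, BOOTPS),
    Flow("real_server_offer_to_client", REAL_SERVER, BOOTPS, CLIENT, BOOTPC),
]


def blocked_flows(acl_text: str) -> Set[str]:
    """Names of the sample flows denied by any entry in acl_text (';'-separated)."""
    aces = [parse_ace(e.strip()) for e in acl_text.split(";") if e.strip()]
    return {f.name for f in FLOWS if any(a.matches(f) for a in aces)}


if __name__ == "__main__":
    for label, acl in CANDIDATES.items():
        print(f"option {label}: blocks {sorted(blocked_flows(acl))}")
```

Running it shows that only the last entry stops the analyzer's OFFERs (unicast or broadcast) while leaving the real server's OFFER to a client untouched; options 1 to 3 each deny something else. On the switch itself the entry would be written with `host` and placed in an extended ACL ahead of a `permit ip any any`, since IOS ACLs end in an implicit deny, and applied inbound on the port facing the analyzer.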
New Member

How to filter DHCP packets from/to a server?

Have you thought about using DHCP snooping?

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_52_se/configuration/guide/swdhcp82.html#wp1058138

"DHCP snooping is a DHCP security feature that provides network security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding database, also referred to as a DHCP snooping binding table.

DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. You use DHCP snooping to differentiate between untrusted interfaces connected to the end user and trusted interfaces connected to the DHCP server or another switch."
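The quoted text describes snooping as a trust decision per interface rather than a 5-tuple match. The following added example (not Cisco's code) parses the DHCP message type out of a raw BOOTP/DHCP payload and applies that one rule: server-originated messages (OFFER, ACK, NAK) arriving on an interface that is not marked trusted are dropped. The interface names, the trusted set and the packets are constructed for the example.

```python
"""Model of the DHCP snooping trust check described in the quoted text.

Added example, not Cisco's implementation. Builds minimal DHCP packets,
extracts the message type (option 53), and drops server-type messages
seen on untrusted interfaces. Interface names and packets are constructed.
"""
import struct
from typing import Tuple

BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_END = 0, 53, 255
MSG = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}  # only legitimate from a server

# Constructed: the uplink towards the real DHCP server is the only trusted port.
TRUSTED_INTERFACES = {"Gi1/0/24"}


def build_dhcp(msg_type: int, xid: int = 0x1234) -> bytes:
    """Construct a minimal DHCP packet: 236-byte BOOTP header + cookie + options."""
    op = BOOTREPLY if MSG.get(msg_type) in SERVER_MESSAGES else BOOTREQUEST
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         op, 1, 6, 0, xid, 0, 0,
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,  # ciaddr..giaddr
                         b"\0" * 16, b"\0" * 64, b"\0" * 128)          # chaddr, sname, file
    options = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_END])
    return header + MAGIC_COOKIE + options


def dhcp_message_type(packet: bytes) -> str:
    """Return the message type name from option 53; ValueError if absent/malformed."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if code == OPT_MSG_TYPE and length == 1:
            return MSG.get(value[0], "TYPE%d" % value[0])
        i += 2 + length
    raise ValueError("option 53 missing")


def snooping_verdict(ingress_if: str, packet: bytes) -> Tuple[str, str]:
    """Return (message_type, 'forward' | 'drop') for a packet seen on ingress_if."""
    mtype = dhcp_message_type(packet)
    if mtype in SERVER_MESSAGES and ingress_if not in TRUSTED_INTERFACES:
        return mtype, "drop"      # a server message from an untrusted port
    return mtype, "forward"


if __name__ == "__main__":
    # Constructed scenario: analyzer on Gi1/0/5, real server behind Gi1/0/24.
    for iface, pkt in [("Gi1/0/5", build_dhcp(2)),    # bogus OFFER
                       ("Gi1/0/24", build_dhcp(2)),   # real OFFER
                       ("Gi1/0/5", build_dhcp(1))]:   # client DISCOVER
        print(iface, *snooping_verdict(iface, pkt))
```

The point the model makes is that snooping needs no knowledge of the analyzer's address: any port not explicitly trusted is prevented from injecting OFFER/ACK/NAK, which covers the case in the question and any future device that misbehaves the same way.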
