Block a Single IP address

angel-moon
Level 3

Hello everyone,

I seem to have a rogue DHCP server on the network and have not been able to locate it. The switch shows it connected to switchport Po1, which I believe is the EtherChannel. Can someone send me the commands or a link to blocking a single IP address from network access? Router or switch level is fine. Thanks in advance!


1 Accepted Solution


mvsheik123
Level 7

Hello,

Try this on the router interface/VLAN interface.

!
! If I remember correctly, the server uses udp/68 to communicate with clients
access-list 100 deny udp any any eq 68
access-list 100 permit ip any any
!
! vlanx = the VLAN where the rogue DHCP server is located
interface vlanx
 ip access-group 100 in
!

Thx

MS

Edit: If you know the IP address of the rogue server, you can as well use the host IP instead of 'any'.

Also, Cisco's recommendation is to use 'dhcp snooping'. Check the Cisco docs for more explanation.
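
The DHCP snooping approach mentioned in the answer above, as an added example that is not part of the original post: a minimal IOS switch configuration. VLAN 10, the interface names and the MAC address are placeholders chosen for illustration.

```cisco
! Added example. VLAN 10 and all interface names are placeholders.
!
! Enable DHCP snooping globally, then on the client VLAN.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Trust only the port that leads to the legitimate DHCP server.
! All other ports stay untrusted (the default), so DHCP server
! messages such as OFFER and ACK arriving on them are dropped.
interface GigabitEthernet1/0/48
 description Toward legitimate DHCP server (placeholder)
 ip dhcp snooping trust
!
! Limit the DHCP packet rate accepted on access ports (packets per second).
interface range GigabitEthernet1/0/1 - 47
 ip dhcp snooping limit rate 15
!
end
!
! Verification (exec mode):
!   show ip dhcp snooping
!   show ip dhcp snooping binding
!
! Locating the rogue server by its MAC address (placeholder value),
! repeated on each switch along the path until an access port is reached:
!   show mac address-table address 0000.0000.0000
```

If the rogue server is learned through an uplink such as Po1, it is attached to a downstream switch, so snooping has to be enabled there as well for its offers to be dropped at the access port.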


Thanks!
