Cisco Support Community

Block a Single IP address

Hello everyone,

I seem to have a rogue DHCP server on the network and have not been able to locate it. The switch shows it connected to switchport Po1, which I believe is the EtherChannel. Can someone send me the commands or a link to blocking a single IP address from network access? Router or switch level is fine. Thanks in advance!

Accepted Solutions

Re: Block a Single IP address

Hello,

Try this on the router interface/VLAN interface.

!

! If I remember correctly, the server uses udp/68 to communicate with clients

access-list 100 deny udp any any eq 68

access-list 100 permit ip any any

!

! vlanX = the VLAN where the rogue DHCP server is located

interface vlanX

ip access-group 100 in

!

Thx

MS

      

Edit: If you know the IP address of the rogue server, you can also use the host IP instead of 'any'.

Also, Cisco's recommendation is to use 'dhcp snooping'. Check the Cisco docs for more explanation.
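
The DHCP snooping approach mentioned in the answer above, as an added example that is not part of the original posts. It filters server replies at the switch port, so it also covers DHCP traffic that is switched inside the VLAN and never crosses a routed interface. VLAN 10 and the interface names are placeholders (assumptions), to be replaced with the real values.

```cisco
! Added example, not from the thread. VLAN 10 and all interface
! names below are placeholders.
!
! 1. Enable DHCP snooping globally, then for the affected VLAN.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! 2. Trust only the port (or port-channel) that leads toward the
!    legitimate DHCP server. Server replies (DHCPOFFER/DHCPACK)
!    are accepted on trusted ports only.
interface GigabitEthernet1/0/48
 ip dhcp snooping trust
!
! 3. Access ports stay untrusted, which is the default. Server
!    replies arriving on them are dropped. The rate limit caps
!    DHCP packets per second accepted from each port.
interface range GigabitEthernet1/0/1 - 24
 ip dhcp snooping limit rate 15
!
! 4. Snooping inserts option 82 into client requests by default.
!    If the DHCP server or relay rejects such requests, turn the
!    insertion off:
no ip dhcp snooping information option
!
! 5. Verify from exec mode:
!      show ip dhcp snooping
!      show ip dhcp snooping binding
!      show ip dhcp snooping statistics
```

When the rogue server sits behind an uplink such as a port-channel, snooping also has to be enabled on the downstream switch, because a trusted uplink passes server replies from everything behind it.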

2 REPLIES


Re: Block a Single IP address

Thanks!
