Cisco Support Community

New Member

Can I prevent DHCP broadcast from passing through a certain port

Hi,

I have 2 locations connected through a VPN link through Cisco 2960 switches; each location has a LAN and a DHCP server.

Can I prevent DHCP broadcast on a switch port from passing to the VPN link?

Thanks in Advance

19 REPLIES
Hall of Fame Super Bronze

Re: Can I prevent DHCP broadcast from passing through certain p

You can configure 'DHCP Snooping' and only trust the port where the local DHCP server is connected to.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_50_se/configuration/guide/swdhcp82.html

Regards

Edison.

New Member

Re: Can I prevent DHCP broadcast from passing through certain p

Ok,

but I mean that I want to block DHCP broadcast from my LAN from going to the WAN link between the two locations; my problem is the traffic through the WAN link.

Re: Can I prevent DHCP broadcast from passing through certain p

Hi,

Unfortunately, you either block broadcast on a certain level or block all the broadcast traffic on the port.

But you have an option to rate limit the DHCP requests on the untrusted ports as recommended by Cisco to reduce DHCP packet requests.

HTH

Mohamed

New Member

Re: Can I prevent DHCP broadcast from passing through certain p

Thank you very much for your help,

but I want to know how to block all broadcast on the port (I want to block broadcast from leaving the port) by command.

Re: Can I prevent DHCP broadcast from passing through certain p

Hi,

The command is:

Switch port block broadcast

HTH

Mohamed

New Member

Re: Can I prevent DHCP broadcast from passing through certain p

Thank you for your reply, Mohamed.

New Member

That is not working for me.

That is not working for me. Tried it as one word or two:

(config)#int Gi0/6
(config-if)#switchport block broadcast
                                       ^
% Invalid input detected at '^' marker.

(config-if)#switch port block broadcast
                                  ^
% Invalid input detected at '^' marker.

(config-if)#switchport ?
  access         Set access mode characteristics of the interface
  autostate      Include or exclude this port from vlan link up calculation
  backup         Set backup for the interface
  block          Disable forwarding of unknown uni/multi cast addresses
  host           Set port host
  mode           Set trunking mode of the interface
  nonegotiate    Device will not engage in negotiation protocol on this interface
  port-security  Security related command
  priority       Set appliance 802.1p priority
  private-vlan   Set the private VLAN configuration
  protected      Configure an interface to be a protected port
  trunk          Set trunking characteristics of the interface
  voice          Voice appliance attributes
  <cr>

(config-if)#switchport block ?
  multicast  Block unknown multicast addresses
  unicast    Block unknown unicast addresses

*Note broadcast is not an option.

New Member

Re: Can I prevent DHCP broadcast from passing through certain p

Which type of VPN are you using now?

New Member

Re: Can I prevent DHCP broadcast from passing through certain p

Site VPN through a local loop, not through the internet; it connects 2 branches.

New Member

Re: Can I prevent DHCP broadcast from passing through certain p

So there's a layer 3 connection between two branches through site-to-site vpn, right?

New Member

Re: Can I prevent DHCP broadcast from passing through certain p

right

New Member

Re: Can I prevent DHCP broadcast from passing through certain p

If these two branches have different networks, then DHCP broadcast packets cannot pass through the VPN link, unless you have enabled broadcast forwarding.

I mean DHCP broadcast should not cross to the other side, should it?

New Member

Re: Can I prevent DHCP broadcast from passing through certain p

Ok,

but I make the routers work as a switch, and the two branches are in the same network, so I want to prevent DHCP broadcast through the WAN link.

You got it?

New Member

Re: Can I prevent DHCP broadcast from passing through certain p

I think a port-based ACL can limit DHCP broadcast packets crossing the WAN link.

For example:

deny udp any any eq 67

deny udp any eq 67 any

I'm basing the statements on the WAN link not requiring any DHCP traffic.
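
The two ACL entries from the reply above, placed in a complete named ACL and applied to a port, as an added example that is not part of the original post. The ACL name and the interface are hypothetical, and it assumes the port ACL is applied inbound on the WAN-facing port of each site's switch (port ACLs on the Catalyst 2960 filter inbound traffic only), so each switch drops DHCP arriving from the other site.

```cisco
! Added example: ACL name and interface are hypothetical, adjust to your switch.
ip access-list extended BLOCK-DHCP-WAN
 remark client-to-server DHCP (DISCOVER/REQUEST), destination UDP 67
 deny   udp any any eq 67
 remark server-to-client DHCP (OFFER/ACK), source UDP 67
 deny   udp any eq 67 any
 remark required: an ACL ends with an implicit deny of all other IP traffic
 permit ip any any
!
interface GigabitEthernet0/6
 description WAN-facing port (assumed)
 ip access-group BLOCK-DHCP-WAN in
```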

New Member

Re: Can I prevent DHCP broadcast from passing through certain p

All right, that is what I want to implement,

but the port-based ACL can be configured on the 2960 or 3750 switch

New Member

Re: Can I prevent DHCP broadcast from passing through certain p

Right
