Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DHCP/Duplication of IP address on LAN

Hi

Is there any mechanism in Cisco Switch that can prevent duplication of IP address on LAN.eg like port gets disabled it self .

Secondly any mechanism that can prevent rouge DHCP servers.

recently I have visited a university network students on purpose install DHCP server or tools that can act like dhcp servers that caused duplications or some times different range of ip addressing on the network

1 ACCEPTED SOLUTION

Accepted Solutions

Re: DHCP/Duplication of IP address on LAN

for preventing rouge DHCP server

there is feature in cisco switches called dhcp snooping

this feature prevent any port to send dhcp offers unless it consdered trused based on the configuration

so all port will be untrusted except ports that connected to a dhcp server and links between switches

this is in brief

and this feature also build a data base on the swtich that contain the client ip from the dhcp and the mak address in that port

this data base of dhcp snooping can be used with another feature called ip source gurd

which prevent any ip address that not in that data base in other words the ip must be in the data bse maped to mac address

so if some one try to pretend him self as another on by useing spoofed ip will not be able to do that

good luck

please, if helpful rate

2 REPLIES

Re: DHCP/Duplication of IP address on LAN

for preventing rouge DHCP server

there is feature in cisco switches called dhcp snooping

this feature prevent any port to send dhcp offers unless it consdered trused based on the configuration

so all port will be untrusted except ports that connected to a dhcp server and links between switches

this is in brief

and this feature also build a data base on the swtich that contain the client ip from the dhcp and the mak address in that port

this data base of dhcp snooping can be used with another feature called ip source gurd

which prevent any ip address that not in that data base in other words the ip must be in the data bse maped to mac address

so if some one try to pretend him self as another on by useing spoofed ip will not be able to do that

good luck

please, if helpful rate

New Member

Re: DHCP/Duplication of IP address on LAN

Hi

Thanks for the input

178
Views
0
Helpful
2
Replies