Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DHCP rogue server

I am trying to find a dhcp rogue server on a 3750. I am suspecting that the device is connected to a couple of switch stacks. I tried to use the dhcp snooping option but i cant see the table being build. I dont run dhcp pool on switches, I use ip helper dhcp server Ip address on the cores. I have enabled dhcp only on the access switches. the following are the commands used :

conf t

ip dhcp snooping

ip dhcp snooping vlan X

please let me know if I am missing anything here. I have an ipbase image on the 3750s is that the problem?

13 REPLIES
Hall of Fame Super Silver

Re: DHCP rogue server

Hello Prakadeesh,

if there are users Pcs affected ask them to open a shell and then have them perform

ipconfig /all

arp -g

then look for the mac address of the fake GW on the cam tables of your switches it has to be on the same vlan of the affected user.

Be aware that there are also some virus worms that turn an infected PC in a DHCP rogue server passing wrong information.

Hope to help

Giuseppe

Re: DHCP rogue server

Prakadeesh,

You need to add "ip dhcp snooping trust " on the interfaces that dhcp server packets coming in. In your case you have to add this command on the uplinks to Coreswitch(ip helper is there).

Please check out this link : http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swdhcp82.html#wp1058243

Hopes I correctly understand your question.

Toshi

Purple

Re: DHCP rogue server

Guiseppe will have to remember that arp -g trick on a machine that is having a problem . Learn something new everyday :-)

Hall of Fame Super Bronze

Re: DHCP rogue server

You are missing some other guidelines:

If a switch port is connected to a DHCP server or to another switch|router, configure a port as trusted by entering the ip dhcp snooping trust interface configuration command.

•If a switch port is connected to a DHCP client, configure a port as untrusted by entering the no ip dhcp snooping trust interface configuration command.

HTH,

__

Edison.

New Member

Re: DHCP rogue server

Hello all,

Thanks for the reply and guidance, I was about to check the arp table on the machines, but some one tried a iprenew and the pc picked up a proper dhcp. The problem also seems very intermittent to. will try out your guidelines. Just a quick question is dhcp snooping only present in Enhanced feature set or IPbase?

Re: DHCP rogue server

Prakadeesh,

IPBase is fine for dhcp snooping.

Here you go: http://www.cisco.com/go/fn

HTH,

Toshi

New Member

Re: DHCP rogue server

Hello Folks,

I have managed to find the dhcp rogue and removed it. Thanks for all your support. I am planning to implement the IP DHCP snooping trust and untrusted ports on all our edge switches C3750, but I am a bit concerned about the CPU utilisation on the switch stack. Please let me know your thoughts if it will do more good or bad?

Thanks,

Prakadeesh

Hall of Fame Super Bronze

Re: DHCP rogue server

The process runs completely in hardware and it will not affect your CPU.

__

Edison.

New Member

Re: DHCP rogue server

Thanks Edison,

Thats a relief. I am planning to configure dhcp snooping on all the edge switch end user ports as untrusted and the uplink trunk ports to the core switch as trusted. The dhcp servers are connected to core switches. Now have a couple of queries, please help with this:

1.Should the downstream link on the cores that connect to these access switch needs to be configured as trusted too? Does that mean dhcp snooping should be globally enabled on the cores as well?

2.Is a database agent absolutely needed on the access switch? I understand that the agent helps in rebuilding the database after reload. But if the agent is not present does that mean that none of the egde ports will be able to get DHCP again?

Please help with this,

Thanks,

Hall of Fame Super Bronze

Re: DHCP rogue server

1. Yes and Yes.

2. The snooping database is dynamically created when DHCP snooping is enabled and it captures all the unstrusted interface information. You can't have snooping enabled without the binding database.

__

Edison.

New Member

Re: DHCP rogue server

Thanks again Edison,

Since I dont want the cores to buld up any database, I will just configure dhcp snooping globally and just configure the downstream links as trusted. But in the access switches, I will enable the dhcp snooping globally, and the snooping for all the vlans as well as the trusted and untrusted port. Hope my understanding is clear.

thanks,

Prakadeesh

Hall of Fame Super Bronze

Re: DHCP rogue server

Your understanding is not correct.

Enabling DHCP Snooping globally will automatically set all switchports on untrusted mode hence creating the database to maintain a state for those switchports.

I don't understand the angst on the database, it does not cause any CPU issue.

New Member

Re: DHCP rogue server

Thanks Edison,

The only issue I had with the database was that we cant use the NVRAM for that( because we may overrun the free space) so, you will have to point the database somewhere else like tftp server or like that. In that case when the switch reloads the database is reloaded from the tftp as NVRAM database could be lost( I assume) .

-thanks

deesh

339
Views
5
Helpful
13
Replies
CreatePlease to create content