08-12-2010 09:23 AM - edited 03-06-2019 12:27 PM
hi! how do i check which sw/port a rogue dhcp is connected in my switch?
thx
08-12-2010 11:12 AM
a. There is no easy way. But you can do some troubleshooting to try to find out where it resides.
b. Note down the ip address of the legitimate DHCP server on your network. (cmd ipconfig/all) Take a couple of test workstations, from cmd you can do release/renew multiple times and see if the DHCP server ip changes to one that not the legitimate DHCP server.
c. So now that you know the ip of the rogue DHCP server, ping the ip from the switch. Then do a show arp
d. Additionally, you can try to configure DHCP snooping which can prevent rougue DHCP servers to reply to DHCP requests.
Sid Chandrachud
TAC Security Solutions
Customer Support Engineer
08-17-2010 10:50 AM
Just to add on to what Sid already said. DHCP snooping will report where these rogue servers are. We support it on just about all of our switches, so likely its an option...and overall its really easy to configure...even if you are just configuring it for an evening to find out where these rogues are.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide