How do you stop multiple DHCP requests from a host

swaro2000

I have a host on the network that makes multiple DHCP requests in rapid succession. We have since moved the DHCP pool from a 2800 router running 12.4(22)T to a Windows 2003 server. The Windows server has a DHCP option to limit 1 DHCP request per mac-address. Is there a similar command in Cisco IOS that can do this?

Otherwise the rogue host uses up all addresses in the DHCP pool as seen below

Internet 172.21.2.29 8 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.30 8 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.31 7 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.32 7 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.33 7 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.35 6 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.36 6 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.37 5 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.38 5 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.39 5 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.40 4 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.41 4 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.42 3 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.43 3 0080.9f63.217b ARPA FastEthernet0/0.1

Internet 172.21.2.46 3 0080.9f63.217b ARPA FastEthernet0/0.1

2 Replies

Hi,

You can configure manual DHCP bindings for that HOST. In this way for that MAC address you will assign only 1 IP address.

I think this will resolve your problem.

Here is a link from CiscoDocCD:

http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_dhcp_svr_cfg_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1155880

But, of course, you have to see why that host is doing this!!

All the best,

Bogdan

lamav

Swaro:

There is a type of attack that can be launched to exhaust the DHCP pool in a network. This is called a DHCP starvation attack. It is typically launched by a machine that has been invaded and infected with a virus that would launch such an attack. The purpose is to use up all the IP addresses that your server has in its scope to offer network clients.

There is a mechanism that Cisco offers to mitigate such an attack and it is part of the DHCP Snooping solution.

In global config mode, type:

ip dhcp snooping

Under the x-Ethernet interface, type:

interface fastethernet 0/1

ip dhcp snooping limit rate 3

This will limit the number of DHCP Requests that the switch will forward to the DHCP server that it receives from that particular port to 3 per second. You can limit it to one, if you feel it necessary.

HTH

Victor
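
An added example, not part of the original thread or of either reply: a small Python check that reads ARP table text in the layout quoted in the question and reports any MAC address holding several dynamic entries on one interface, which is the symptom shown there. The function name, the threshold and the sample table (three rows taken from the question, the rest constructed) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the ARP table layout quoted in the question.
# The three 0080.9f63.217b rows come from the thread; the others are made up.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.21.2.1              -   0011.2233.4455  ARPA   FastEthernet0/0.1
Internet  172.21.2.29             8   0080.9f63.217b  ARPA   FastEthernet0/0.1
Internet  172.21.2.30             8   0080.9f63.217b  ARPA   FastEthernet0/0.1
Internet  172.21.2.31             7   0080.9f63.217b  ARPA   FastEthernet0/0.1
Internet  172.21.2.50            12   0011.2233.aabb  ARPA   FastEthernet0/0.1
Internet  172.21.2.60             0   Incomplete      ARPA
"""

# One ARP row: protocol, IP, age ("-" marks the router's own address),
# dotted-hex MAC, encapsulation type, interface.
ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<age>-|\d+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+"
    r"\S+\s+(?P<intf>\S+)"
)

def macs_with_many_ips(arp_text, threshold=2):
    """Return {(mac, interface): [ips]} for MACs with >= threshold dynamic entries."""
    seen = defaultdict(list)
    for line in arp_text.splitlines():
        m = ARP_LINE.match(line.strip())
        # Skip the header, incomplete entries and the router's own addresses.
        if not m or m["age"] == "-":
            continue
        seen[(m["mac"].lower(), m["intf"])].append(m["ip"])
    return {key: ips for key, ips in seen.items() if len(ips) >= threshold}

if __name__ == "__main__":
    for (mac, intf), ips in macs_with_many_ips(SAMPLE_ARP).items():
        print(f"{mac} on {intf} holds {len(ips)} addresses: {', '.join(ips)}")
```

A MAC with several entries is not always a misbehaving client: a downstream router or a device answering with proxy ARP produces the same pattern, so treat a hit as a lead to check against the DHCP lease table.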
