02-03-2009 08:45 AM - edited 03-06-2019 03:50 AM
I have a host on the network that makes multiple DHCP requests in rapid succession. We have since moved the DHCP pool from a 2800 router running 12.4(22)T to a Windows 2003 server. The Windows server has a DHCP option to limit 1 DHCP request per mac-address. Is there a similar command in Cisco IOS that can do this?
Otherwise the rogue host uses up all addresses in the DHCP pool as seen below
Internet 172.21.2.29 8 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.30 8 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.31 7 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.32 7 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.33 7 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.35 6 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.36 6 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.37 5 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.38 5 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.39 5 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.40 4 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.41 4 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.42 3 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.43 3 0080.9f63.217b ARPA FastEthernet0/0.1
Internet 172.21.2.46 3 0080.9f63.217b ARPA FastEthernet0/0.1
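The `show ip arp` output above is the symptom a defender actually sees: one MAC holding a run of leases. The following script is an added example (not from the original post or from Cisco) that parses that output format and reports any hardware address holding more than a threshold of dynamic entries, so the same check can be run against a saved `show ip arp` capture or a monitoring job. The sample table inside it is constructed to mirror the post (the repeated MAC is the one from the post; the gateway and the second host are made up), and the threshold value is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the `show ip arp` output in the post:
# one MAC (taken from the post) repeated across many addresses, plus a
# gateway entry (age "-") and one ordinary host, both made up for the example.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.21.2.1              -   0019.aa11.bb01  ARPA   FastEthernet0/0.1
Internet  172.21.2.12             3   0011.2233.4455  ARPA   FastEthernet0/0.1
Internet  172.21.2.29             8   0080.9f63.217b  ARPA   FastEthernet0/0.1
Internet  172.21.2.30             8   0080.9f63.217b  ARPA   FastEthernet0/0.1
Internet  172.21.2.31             7   0080.9f63.217b  ARPA   FastEthernet0/0.1
Internet  172.21.2.32             7   0080.9f63.217b  ARPA   FastEthernet0/0.1
Internet  172.21.2.33             7   0080.9f63.217b  ARPA   FastEthernet0/0.1
Internet  172.21.2.35             6   0080.9f63.217b  ARPA   FastEthernet0/0.1
"""

# One ARPA entry: protocol, IP, age ("-" for the router's own address), MAC, type, interface.
ARP_RE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>\S+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA\s+(?P<intf>\S+)",
    re.IGNORECASE,
)


def parse_arp(text):
    """Return a list of (ip, mac, interface) tuples from `show ip arp` text.

    Header lines and anything that does not match the IOS row layout are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if m:
            entries.append((m["ip"], m["mac"].lower(), m["intf"]))
    return entries


def addresses_per_mac(entries):
    """Map each MAC to the set of IP addresses currently bound to it."""
    table = defaultdict(set)
    for ip, mac, _ in entries:
        table[mac].add(ip)
    return table


def _ip_key(ip):
    # Sort dotted quads numerically rather than lexically.
    return tuple(int(octet) for octet in ip.split("."))


def find_suspect_macs(text, threshold=2):
    """Return [(mac, [ips...]), ...] for MACs holding more than `threshold`
    addresses, most addresses first. `threshold` is an assumed tuning value:
    a normal host holds one lease, so anything above a couple is worth a look."""
    counts = addresses_per_mac(parse_arp(text))
    suspects = [
        (mac, sorted(ips, key=_ip_key))
        for mac, ips in counts.items()
        if len(ips) > threshold
    ]
    suspects.sort(key=lambda item: len(item[1]), reverse=True)
    return suspects


if __name__ == "__main__":
    for mac, ips in find_suspect_macs(SAMPLE_ARP):
        print(f"{mac} holds {len(ips)} addresses: {ips[0]} .. {ips[-1]}")
```

Run it against a real capture by reading the file into `find_suspect_macs`; a MAC that keeps accumulating addresses between two snapshots is the same pattern the post describes, and the interface column tells you which router sub-interface (and therefore which switch segment) to trace it back through.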
02-03-2009 11:57 AM
Hi,
You can configure manual DHCP bindings for that HOST. In this way for that MAC address you will assign only 1 IP address.
I think this will resolve your problem.
Here is a link from CiscoDocCD:
But, of course, you have to see why that host is doing this!!
All the best,
Bogdan
02-03-2009 06:45 PM
Swaro:
There is a type of attack that can be launched to exhaust the DHCP pool in a network. This is called a DHCP starvation attack. It is typically launched by a machine that has been invaded and infected with a virus that would launch such an attack. The purpose is to use up all the IP addresses that your server has in its scope to offer network clients.
There is a mechanism that Cisco offers to mitigate such an attack and it is part of the DHCP Snooping solution.
In global config mode, type:
ip dhcp snooping
ip dhcp snooping vlan <vlan-id>
! <vlan-id> is a placeholder for the access VLAN; snooping only takes effect on VLANs listed here
Under the x-Ethernet interface, type:
interface fastethernet 0/1
ip dhcp snooping limit rate 3
This will limit the number of DHCP Requests that the switch will forward to the DHCP server that it receives from that particular port to 3 per second. You can limit it to one, if you feel it necessary.
HTH
Victor
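To make the effect of a per-port DHCP rate limit concrete, here is an added example (not from the reply above and not Cisco code) that replays a stream of DHCP packet events through a per-port sliding-window limiter like the one `ip dhcp snooping limit rate 3` describes. The events are constructed: one port carrying a burst from the rogue MAC in the original post, one port carrying a normal client. The `errdisable` switch mirrors what a Catalyst switch does when the configured rate is exceeded (the port is put into err-disabled state, so every later packet from it is lost until the port is recovered); with it off, the function only discards the excess packets, which is the looser behaviour to compare against.

```python
from collections import defaultdict, deque

# Constructed events: (timestamp_seconds, ingress_port, client_mac).
# Port Fa0/1 sends ten DHCP DISCOVERs in half a second from the MAC seen in the
# post, then one more two seconds later; port Fa0/2 is a normal client that
# sends a DISCOVER and, 1.5 s later, a REQUEST.
SAMPLE_EVENTS = (
    [(0.05 * i, "FastEthernet0/1", "0080.9f63.217b") for i in range(10)]
    + [(2.0, "FastEthernet0/1", "0080.9f63.217b")]
    + [(0.0, "FastEthernet0/2", "0011.2233.4455"),
       (1.5, "FastEthernet0/2", "0011.2233.4455")]
)


def enforce_rate_limit(events, limit=3, window=1.0, errdisable=True):
    """Replay DHCP packet events through a per-port limiter.

    At most `limit` packets per `window` seconds are forwarded from any one
    port. With errdisable=True the first excess packet shuts the port and all
    of its later packets are dropped (the switch behaviour); with it False only
    the excess packets within the window are dropped.
    Returns (forwarded, dropped, ports_that_exceeded_the_limit).
    """
    recent = defaultdict(deque)   # per-port timestamps still inside the window
    shut = set()                  # ports that have been err-disabled
    forwarded, dropped, exceeded = [], [], set()
    for ts, port, mac in sorted(events):
        if port in shut:
            dropped.append((ts, port, mac))
            continue
        q = recent[port]
        while q and ts - q[0] >= window:   # expire timestamps outside the window
            q.popleft()
        if len(q) < limit:
            q.append(ts)
            forwarded.append((ts, port, mac))
        else:
            dropped.append((ts, port, mac))
            exceeded.add(port)
            if errdisable:
                shut.add(port)
    return forwarded, dropped, sorted(exceeded)


def summarize(events, **kwargs):
    """Per-port forwarded/dropped counts, handy for a quick report."""
    forwarded, dropped, exceeded = enforce_rate_limit(events, **kwargs)
    report = defaultdict(lambda: {"forwarded": 0, "dropped": 0})
    for _, port, _ in forwarded:
        report[port]["forwarded"] += 1
    for _, port, _ in dropped:
        report[port]["dropped"] += 1
    return dict(report), exceeded


if __name__ == "__main__":
    for mode in (True, False):
        report, exceeded = summarize(SAMPLE_EVENTS, errdisable=mode)
        print(f"errdisable={mode}: {report}, over limit: {exceeded}")
```

The normal client on Fa0/2 is never affected, because two packets in 1.5 s sit well under three per second; the burst on Fa0/1 gets three packets through and is then cut off. That is the trade-off behind choosing a value of 1 versus 3: a legitimate client that retransmits DISCOVER quickly (or a port behind a small unmanaged switch carrying several hosts) can trip a limit of 1, so a limit of 1 belongs only on ports known to carry a single host, and err-disable recovery should be configured so a tripped port comes back without a manual visit.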