Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to Stop DHCP Snooping from unknown device

Hi,

Recently in one of our remote Network, there was an DHCP snooping from an unknown device(Netgear HUB) and this device has caused most of the device to have IP address from the Netgear HUB instead of the actual DHCP server. Due to this the Network went down.

IS there anyway to secure the LAN from such malicious devices ?

the entire LAN has 3560 access switches & 6506 as the Core switch, please advice to avoid such incidents in our Network.

Thanks

3 REPLIES
Silver

Re: How to Stop DHCP Snooping from unknown device

Hi

With a feature called "ip dhcp snooping", have a look at this link, it explains how to do it.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/configuration/guide/swdhcp82.html

/Mikael

New Member

Re: How to Stop DHCP Snooping from unknown device

Hi,

Thanks for your reply. Do i need to enable DHCP snooping in both the core & access switches or only in the core switch ? if only on the core switch, will it affect if a Netgear or Wireless AP running unknown DHCP Pool connected on VLAN Xyz provide IP(unknown IP) to the hosts connected on the same vlan Xyz.

/yoga

Silver

Re: How to Stop DHCP Snooping from unknown device

Hi

In my opinion it's most important to enable it at the access-layer to prevent users to connect devices that offers dhcp.

If you have servers connected to the core-switch, I would implement it even in the core.

/Mikael

441
Views
0
Helpful
3
Replies
CreatePlease login to create content