01-14-2012 07:59 AM - edited 03-07-2019 04:21 AM
Need to prevent unauthorized users from getting IP address from DHCP when connected to our wired network.
In few remote sites we run DHCP for voice & data in the router where only limited users (around 30)are operating. We dont have IT assistance in those sites.
Our business is automotive and we let customers/users to our premise. We need to block the unauthorized user from using our network.
Any configuration can be done in the cisco access switch level?
Thanks in advance...
01-14-2012 08:27 AM
Hi,
You can try deploying DHCP snooping.
here is a link for your reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/12ew/configuration/guide/dhcp.pdf
HTH
01-14-2012 09:08 AM
Hi Reza,
I don't think DHCP snooping could prevent users from getting an address from the server as its goal is to prevent unauthorized DHCP servers and eventually rate)limit the client requests.
I think that dot1x should be more appropriate for this case.
Regards.
Alain
01-14-2012 09:29 AM
Hi Alain,
I beleive that is the best option for which we require an authentication server. Any other possibility without the AAA server.
Reagrds,
Raffi...
01-14-2012 10:09 AM
you can enable port security on switch port and limit it to only one approved mac address
Sent from Cisco Technical Support iPad App
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: