Cisco Support Community

New Member

Lock Rogue DHCP server from switch level best practices

Please let me know the best practices to prevent a rogue DHCP server inside the network.

Let me know if Cisco has any tools to monitor the same from the switch level.

3 REPLIES

Re: Lock Rogue DHCP server from switch level best practices

Hi,

You will need to implement (DHCP Snooping) and trust DHCP on the required uplinks and access ports.

Another way is to check the (IP Source Guard) feature.

Please have a look at the attached document.

HTH

Mohamed

New Member

Re: Lock Rogue DHCP server from switch level best practices

Thanks Mohamed. Is this feature available on all models?

Our model is 2600 series at layer two level.

Hall of Fame Super Silver

Re: Lock Rogue DHCP server from switch level best practices

Hello Rajeesh,

On several platforms, security features like dynamic ARP inspection are available.

On the basis of DAI, IP source guard and DHCP snooping are possible, and the latter is the specific tool to use to fight rogue DHCP servers.

See:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swdhcp82.html

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swdynarp.html

Be aware that if you enable DHCP snooping, the default state for all ports is untrusted, so you need to declare as trusted the access ports where a legitimate DHCP server is connected and the uplinks from which another switch can see legitimate servers' answers.

Hope to help

Giuseppe
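
The trust caveat in the replies above, as an added example that is not part of the thread and is not a Cisco tool: a small Python audit that reads an IOS running-config and compares the ports marked `ip dhcp snooping trust` with the ports you intend to trust. The sample config, interface names, VLAN 10 and the function name `audit_dhcp_snooping` are constructed assumptions.

```python
import re

# Constructed running-config excerpt (not from the thread); names and VLAN 10 are assumptions.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10
!
interface GigabitEthernet1/0/1
 description uplink toward the legitimate DHCP server
 switchport mode trunk
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/2
 description user port (untrusted by default)
 switchport mode access
 ip dhcp snooping limit rate 15
!
interface GigabitEthernet1/0/3
 description user port, trusted by mistake
 switchport mode access
 ip dhcp snooping trust
"""

def audit_dhcp_snooping(config, expected_trusted):
    """Compare DHCP snooping trust state in an IOS config with the intended trusted ports."""
    lines = config.splitlines()
    enabled = any(l.rstrip() == "ip dhcp snooping" for l in lines)
    vlans = [m.group(1) for l in lines
             if (m := re.fullmatch(r"ip dhcp snooping vlan (\S+)", l.strip()))]
    trusted, current = set(), None
    for line in lines:
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            current = None  # left the interface stanza
        elif current and line.strip() == "ip dhcp snooping trust":
            trusted.add(current)
    return {
        "globally_enabled": enabled,
        "vlans": vlans,
        # Trusted but not intended: server replies entering here are not filtered.
        "unexpected_trust": sorted(trusted - set(expected_trusted)),
        # Intended but untrusted: legitimate server replies arriving here are dropped.
        "missing_trust": sorted(set(expected_trusted) - trusted),
    }

if __name__ == "__main__":
    print(audit_dhcp_snooping(SAMPLE_CONFIG, ["GigabitEthernet1/0/1"]))
```

On the switch itself, `show ip dhcp snooping` lists the same trust state per interface.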
