If you know you have a PC which is working as a DHCP server, you are not using it, and you are using the 3550 as a DHCP server, why don't you just disable the DHCP service on that PC?
You could apply an access list to all switch ports connected to PCs that blocks inbound UDP packets with a source port of BOOTPS (udp/67)...
Hope that helps. Please rate the post if it does.
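As an added example (not from the post above, and not from any Cisco document), here is what that port ACL looks like on a Catalyst 3550. A DHCP server sends its OFFER/ACK/NAK replies from UDP source port 67 (bootps) towards port 68 (bootpc); clients send DISCOVER/REQUEST from port 68 to port 67. So the ACL matches only on the source port and needs no IP addresses at all, which is why it works before the PC has any lease and also against a rogue server with a manually assigned address. The 3550 supports inbound port ACLs on Layer 2 access ports, so the switch does not need to route for this to work. The interface range and VLAN number are assumptions; the port facing the real DHCP server is deliberately left without the ACL.

```cisco
! Added example: port ACL that drops DHCP server replies arriving from PC ports.
! Interface numbers are assumed; adapt to your own cabling.
ip access-list extended BLOCK-ROGUE-DHCP
 remark Drop anything a DHCP server would send: UDP source port 67 (bootps)
 deny   udp any eq bootps any eq bootpc
 deny   udp any eq bootps any
 remark Everything else, including client DISCOVER/REQUEST (src 68 -> dst 67), passes
 permit ip any any
!
! Apply inbound on every port that faces a PC. Port ACLs on a Layer 2 port
! are inbound only, which is exactly the direction we care about.
interface range FastEthernet0/2 - 24
 switchport mode access
 ip access-group BLOCK-ROGUE-DHCP in
!
! FastEthernet0/1 faces the real DHCP server and gets NO access-group,
! otherwise its replies would be dropped too.
interface FastEthernet0/1
 description Legitimate DHCP server
 switchport mode access
!
! Verify: the deny counters grow when a rogue server on a PC port answers a DISCOVER.
show access-lists BLOCK-ROGUE-DHCP
show ip interface FastEthernet0/2 | include access list
```

Note that this ACL must not be placed on a trunk or uplink that carries replies from a DHCP server located elsewhere in the network, and that a DHCP relay also sends from port 67, so relay-facing ports need the same exemption.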
I didn't understand this part. What will be my source IP in the ACL, because the PC has not yet got an IP from DHCP?
Correct me if I misunderstood your explanation.
The idea is to block packets *from* the rogue PC which is running a DHCP server. This PC would have a valid IP address, so if you blocked such packets from all ports except the one connected to the real DHCP server, you could prevent the accidental or malicious PC from disrupting DHCP on the network.
I haven't tried this myself, but it just seems like something that could work :-)
Yes, that's true: the PCs will fetch the DHCP IP from the DHCP server which gets the request first and replies back.
If that is a single PC in your network and you know the IP and all, then you can use ACLs to block the DHCP traffic to and from the server on the UDP ports.
HTH. Please rate if it does.
I did read some DHCP snooping material, but I don't know how to apply it.
In addition, I am using the 3550 as a Layer 2 switch only. Will the ACL still work?
Configure the global command "ip dhcp snooping" then the interface command "no ip dhcp snooping trust" on the interface that the rogue DHCP server is attached to.
Hope this helps. Please rate helpful posts.
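As an added example (my configuration, not the poster's and not taken from Cisco documentation), here is a complete DHCP snooping setup on a 3550 working as a pure Layer 2 switch. Two things the one-liner above leaves out: snooping must also be enabled per VLAN, and once it is enabled every port is untrusted by default, so the statement that actually matters is "ip dhcp snooping trust" on the port facing the real server (and on any trunk uplink that carries legitimate replies). Server messages (OFFER/ACK/NAK) arriving on an untrusted port are dropped, whatever IP address the rogue machine is using. VLAN 10, the interface numbers and the availability of the rate-limit command on your IOS release are assumptions.

```cisco
! Added example: DHCP snooping on a Catalyst 3550 in Layer 2 mode.
! VLAN and interface numbers are assumed.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! The switch inserts DHCP option 82 by default once snooping is on.
! If your DHCP server or an upstream relay rejects such packets, turn it off:
no ip dhcp snooping information option
!
! Only the port facing the legitimate server is trusted.
interface FastEthernet0/1
 description Legitimate DHCP server
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping trust
!
! A trunk to the rest of the network also needs trust if replies come from there.
interface GigabitEthernet0/1
 description Uplink
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ip dhcp snooping trust
!
! PC ports stay untrusted (the default). Rogue OFFER/ACK/NAK frames are dropped here.
! The rate limit is optional and assumed to exist on this IOS release; it stops
! a host from flooding DISCOVERs, and err-disables the port if exceeded.
interface range FastEthernet0/2 - 24
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 15
!
! Verify: trusted ports are listed, and each lease learned on an untrusted port
! shows up as a MAC/IP/VLAN/interface binding.
show ip dhcp snooping
show ip dhcp snooping binding
```

If the 3550 itself is the DHCP server, its replies originate locally and never arrive on a port, so no access port needs to be trusted; the untrusted PC ports still drop a rogue server's replies. The binding table built here is also what the switch would use to police manually assigned addresses, but that is a separate feature (IP Source Guard) and I have not checked whether this platform supports it.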
What about manually assigned IP addresses? Have you thought about that? If not, you probably need a spoofing ACL too to protect against this.
Don't know if Cisco has a function that can protect against this automatically.