Cisco Support Community

New Member

DHCP servers plugged in bkwds in our LAN

I work for Cox Communications and we have several apartment complexes in the Bryan region. They are in a standard layer 2 LAN environment with fiber back to our headend using 3550-48's. The problem is, some customers are plugging in their Linksys routers backwards and answering DHCP requests from our other customers on the LAN, and therefore they are receiving 192 addy's from this device. I know of DHCP snooping on the 4000's, but that isn't available on the 3550 and I can't figure out how to implement ACLs since everything is layer 2. Port security would work, but our GM in Bryan doesn't want to do that because these are college students and they transfer files back and forth to each other. Does anyone have any suggestions on what I can do to restrict the ports from answering DHCP broadcast packets?

2 REPLIES
Bronze

Re: DHCP servers plugged in bkwds in our LAN

I think you can put a Layer3 ACL on a layer 2 port on a 3550 (inbound only):

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/3550scg/swacl.htm#75854

UDP port 68=DHCP client

UDP port 67=DHCP server

Maybe an ACL:

access-list 100 deny udp any eq bootps any eq bootpc

access-list 100 permit ip any any

and then access-group 100 in on all your ports except for the one that has your authorized DHCP server would do the trick?

Not sure...never tried it
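
Added example (not part of the reply above, and not Cisco code): a small Python first-match evaluator run over the two access-list lines quoted in the reply, to show which traffic that ACL would drop inbound on a customer port. The packet samples and the function names are constructed for illustration, and the parser handles only the syntax those two lines use.

```python
# Minimal first-match evaluator for the two ACL lines quoted in the reply.
# Supports only: udp/ip protocols, "any" addresses, optional "eq <port>".
PORTS = {"bootps": 67, "bootpc": 68}  # IOS keywords: DHCP server / client UDP ports

ACL_100 = """\
access-list 100 deny udp any eq bootps any eq bootpc
access-list 100 permit ip any any
"""

def parse_ace(line):
    """Return (action, protocol, source_port, dest_port); a port of None means any."""
    tok = line.split()[2:]                 # drop "access-list 100"
    action, proto, rest, ports = tok[0], tok[1], tok[2:], []
    for _ in range(2):                     # source spec first, then destination spec
        if rest.pop(0) != "any":
            raise ValueError("only 'any' addresses are handled in this example")
        port = None
        if rest and rest[0] == "eq":
            name = rest[1]
            port = PORTS[name] if name in PORTS else int(name)
            rest = rest[2:]
        ports.append(port)
    return action, proto, ports[0], ports[1]

def evaluate(acl_text, proto, sport, dport):
    """First matching entry wins; an ACL with no match ends in an implicit deny."""
    for line in acl_text.strip().splitlines():
        action, p, sp, dp = parse_ace(line)
        if p != "ip" and p != proto:       # "ip" matches every IP protocol
            continue
        if sp is not None and sp != sport:
            continue
        if dp is not None and dp != dport:
            continue
        return action
    return "deny"

# Constructed packets as seen inbound on a customer-facing port.
SAMPLES = {
    "client DISCOVER/REQUEST (68 -> 67)": ("udp", 68, 67),
    "server OFFER/ACK from a customer router (67 -> 68)": ("udp", 67, 68),
    "relay-style DHCP (67 -> 67)": ("udp", 67, 67),
    "file sharing between students (tcp 445)": ("tcp", 50000, 445),
}

def ingress_verdicts(acl_text=ACL_100):
    return {name: evaluate(acl_text, *pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in ingress_verdicts().items():
        print(f"{verdict:6} {name}")
```

Only server-to-client replies (UDP 67 to 68) are dropped, so clients on the filtered ports can still request addresses and peer-to-peer traffic is untouched; the port facing the authorized DHCP server must not carry the ACL, as the reply says.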

New Member

Re: DHCP servers plugged in bkwds in our LAN

I will do some testing with our on-site engineer with this tomorrow. It does seem like it should work; I will let you know. Thanks.
