Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Limiting DHCP Broadcast.

Is it possible to forward all DHCP broadcast to a dedicated Fastethernet port on a cisco 5509? If yes, how to do it?

P/s I am trying to prevent illegitimate DHCP server from replying DHCP request from client in my network.

3 REPLIES
Bronze

Re: Limiting DHCP Broadcast.

That's exactly what "ip helper-address" do. Also, look for "ip forward-protocol", and "ip directed-broadcast" for UDP broadcast.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r/iprprt1/1rdipadr.htm#xtocid21

Ming

New Member

Re: Limiting DHCP Broadcast.

Hi Ming,

What I wanted is to forward all DHCP request to a dedicated Fastethernet port where my DHCP server resides. I am trying to prevent illegitimate DHCP server that is accidentally being fire up from answering the request from clients in my network.

The ip helper only helps forward DHCP broadcast but any server in the network can answer the broadcast.

Many Thks.

Victor

New Member

Re: Limiting DHCP Broadcast.

DHCP requests are broadcasts. Period.

Do you have a problem w/ security? Sounds like this is what needs to be addressed.

You may want to run port scans to check for active bootp responses from invalid/malicious DHCP servers. If the results show hits from bad servers...

Write a script... Send to pager... viola... Escort user out the door....

As far as I know you can't secure DHCP... OK.. what if you could lock down the responses to only a valid dhcp server, I come along a start spoofing my client's MAC address and request an IP.... I don't stop there I change my MAC address again... In fact I don't stop until your server has exhausted its entire DHCP pool.

Sounds like fun.

293
Views
0
Helpful
3
Replies
CreatePlease login to create content