
Limiting DHCP Broadcast.

firaci633
Level 1

Is it possible to forward all DHCP broadcasts to a dedicated FastEthernet port on a Cisco 5509? If yes, how to do it?

P.S. I am trying to prevent an illegitimate DHCP server from replying to DHCP requests from clients in my network.

3 Replies

minie
Level 4

That's exactly what "ip helper-address" does. Also, look for "ip forward-protocol" and "ip directed-broadcast" for UDP broadcast.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r/iprprt1/1rdipadr.htm#xtocid21

Ming

Hi Ming,

What I wanted is to forward all DHCP requests to a dedicated FastEthernet port where my DHCP server resides. I am trying to prevent an illegitimate DHCP server that is accidentally fired up from answering the requests from clients in my network.

The ip helper only helps forward DHCP broadcasts, but any server in the network can answer the broadcast.

Many Thks.

Victor

DHCP requests are broadcasts. Period.

Do you have a problem w/ security? Sounds like this is what needs to be addressed.

You may want to run port scans to check for active bootp responses from invalid/malicious DHCP servers. If the results show hits from bad servers...

Write a script... Send to pager... voilà... Escort user out the door....

As far as I know you can't secure DHCP... OK.. what if you could lock down the responses to only a valid DHCP server, I come along and start spoofing my client's MAC address and request an IP.... I don't stop there, I change my MAC address again... In fact I don't stop until your server has exhausted its entire DHCP pool.

Sounds like fun.
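
The kind of detection script the last reply suggests, as an added example that is not part of the original thread: it parses captured DHCP payloads and flags server replies (OFFER, ACK, NAK) whose server identifier is not on an allowlist. The addresses, the allowlist and the function names are constructed for illustration; capturing the UDP traffic and sending the page are left to the surrounding tooling.

```python
import ipaddress
from typing import Optional

MAGIC_COOKIE = b"\x63\x82\x53\x63"            # RFC 2131: precedes the options field
SERVER_REPLY_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}   # option 53 values servers send
ALLOWED = {"192.0.2.10"}                      # constructed allowlist (documentation range)

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: value} from the UDP payload of a BOOTP/DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                       # end option
            break
        if code == 0:                         # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        options[code] = value
        i += 2 + length
    return options

def rogue_server(payload: bytes, allowed: set) -> Optional[str]:
    """Return the replying server's address if it is not in `allowed`, else None."""
    opts = parse_dhcp_options(payload)
    msg_type = (opts.get(53) or b"\x00")[0]
    if payload[0] != 2 or msg_type not in SERVER_REPLY_TYPES:   # op 2 = BOOTREPLY
        return None
    # Option 54 is the server identifier; fall back to siaddr (bytes 20-23).
    server = str(ipaddress.IPv4Address(opts.get(54) or payload[20:24]))
    return None if server in allowed else server

def build_reply(server_ip: str, msg_type: int) -> bytes:
    """Constructed sample: minimal BOOTREPLY carrying options 53 and 54."""
    header = bytearray(236)
    header[0], header[1], header[2] = 2, 1, 6   # op=BOOTREPLY, htype=Ethernet, hlen=6
    sid = ipaddress.IPv4Address(server_ip).packed
    return bytes(header) + MAGIC_COOKIE + bytes([53, 1, msg_type, 54, 4]) + sid + b"\xff"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66"):
        print(ip, "->", rogue_server(build_reply(ip, 2), ALLOWED) or "authorised")
```

The server identifier is declared by the sender, so a monitor should also record the source MAC and IP of the frame that carried the reply.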