10-20-2002 07:04 PM - edited 03-02-2019 02:13 AM
Is it possible to forward all DHCP broadcasts to a dedicated FastEthernet port on a Cisco 5509? If yes, how do I do it?
P.S. I am trying to prevent an illegitimate DHCP server from replying to DHCP requests from clients in my network.
10-21-2002 04:28 AM
That's exactly what "ip helper-address" does. Also, look at "ip forward-protocol" and "ip directed-broadcast" for UDP broadcasts.
Ming
10-21-2002 08:46 PM
Hi Ming,
What I wanted is to forward all DHCP requests to a dedicated FastEthernet port where my DHCP server resides. I am trying to prevent an illegitimate DHCP server that is accidentally fired up from answering requests from clients in my network.
The ip helper only helps forward DHCP broadcasts, but any server in the network can answer the broadcast.
Many thanks.
Victor
11-08-2002 10:23 AM
DHCP requests are broadcasts. Period.
Do you have a problem w/ security? Sounds like this is what needs to be addressed.
You may want to run port scans to check for active bootp responses from invalid/malicious DHCP servers. If the results show hits from bad servers...
Write a script... Send to pager... voilà... Escort user out the door....
As far as I know you can't secure DHCP... OK.. what if you could lock down the responses to only a valid DHCP server, I come along and start spoofing my client's MAC address and request an IP.... I don't stop there, I change my MAC address again... In fact I don't stop until your server has exhausted its entire DHCP pool.
Sounds like fun.
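The "write a script" idea from the last reply, as an added example that is not part of the original thread: it parses DHCP reply payloads (the UDP data a capture tool hands over) and reports any OFFER/ACK/NAK whose server identifier is not on an allowlist. The allowlist address, the function names and the two sample packets are constructed assumptions for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"            # RFC 2131 marker preceding the options
MSG_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # server-to-client message types
AUTHORIZED_SERVERS = {"10.0.0.5"}             # assumption: the one legitimate server


def parse_dhcp_reply(payload):
    """Return (msg_type, server_id, offered_ip) for a DHCP server reply, else None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None                            # too short, not a BOOTREPLY, or not DHCP
    offered_ip = str(ipaddress.IPv4Address(payload[16:20]))   # yiaddr field
    msg_type = server_id = None
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 is the end option
        if payload[i] == 0:                    # pad option carries no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:     # DHCP message type
            msg_type = MSG_TYPES.get(value[0])
        elif code == 54 and len(value) == 4:   # server identifier
            server_id = str(ipaddress.IPv4Address(value))
        i += 2 + length
    return (msg_type, server_id, offered_ip) if msg_type else None


def find_rogue_replies(payloads, authorized=AUTHORIZED_SERVERS):
    """Return replies whose server identifier is missing or not on the allowlist."""
    parsed = (parse_dhcp_reply(p) for p in payloads)
    return [r for r in parsed if r and r[1] not in authorized]


def build_reply(msg_type, server_ip, offered_ip):
    """Constructed sample input: a minimal DHCP reply payload for the demo."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0)
    addrs = bytes(4) + ipaddress.IPv4Address(offered_ip).packed + bytes(8)
    body = header + addrs + bytes(16 + 64 + 128)   # chaddr, sname, file left empty
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_ip).packed
    return body + MAGIC_COOKIE + opts + b"\xff"


SAMPLES = [build_reply(2, "10.0.0.5", "10.0.0.50"),        # constructed: authorized
           build_reply(2, "192.168.1.1", "192.168.1.23")]  # constructed: unknown server

if __name__ == "__main__":
    for hit in find_rogue_replies(SAMPLES):
        print("unauthorized DHCP %s from %s offering %s" % hit)
```

Feeding it real traffic means passing in the UDP payloads of packets sent to client port 68; how those are captured is left to the monitoring host's own tooling.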