Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Security DHCP

HI,

We have enabled DHCP in a 3660 Router, we have two core swith (6509), access switch are around 25.

We had a problem, an End User added a DSL Router to the LAN with DHCP enabled, then all user started to use this DHCP, it´s a big problem, do you know what i can do to avoid it ? how can i block it ?

Thank you, regards. Luis

1 REPLY

Re: Security DHCP

I'm thinking DHCP Snooping on switches that supports it. By making all the user port untrusted, the true DHCP server and DHCP Relay Agent trusted ports. Typically, the trusted ports are used to reach a DHCP server or relay agent. When the switch receives the DHCP packets from an untrusted port, DHCP snooping validates that only the DHCP packets from the clients are allowed and verifies that no spoofing of information is occurring. So, a DHCP response from an untrusted port will cause that bogus DHCP server to not act as DHCP server.

151
Views
0
Helpful
1
Replies
CreatePlease login to create content