Is there a way to configure an access list that will prevent machines from using spoofed addresses while still allowing for DHCP clients to communicate with the dhcp server? We've set up an ACL that only allows for our addresses onto each VLAN. But pc's just booting up w/o addresses arent allowed onto the network to contact the DHCP server. Is it just a matter of allow 0.0.0.0's and 169.x.x.x's? Cisco's site had a white paper on stopping the spoofing, but the lines just had comments saying, "dont do this in a dhcp environment." We're currently experiencing numerous DOS attacks from the inside using spoofed addresses, please advise.