05-01-2009 02:05 PM - edited 03-04-2019 04:36 AM
I want to turn a Cisco router into a DHCP server. Will it support authentication? I want to restrict the hosts which can get an address from the DHCP server.
Thanks,
05-03-2009 10:03 AM
Hi,
There is no authentication mechanism embedded in the DHCP protocol.
You could do manual bindings and would need a pool per host. Use the client-identifier to bind your host to a pool:
ip dhcp pool POOL
 host 10.1.1.4 255.255.255.0
 client-identifier 0100.1b77.66cf.55
 dns-server 24.200.241.37 24.201.245.77
 default-router 10.1.1.254
!
The client-identifier for a Windows host is 01 prepended to the MAC address.
HTH
Laurent.
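Added example, not part of the reply above and not Cisco's code: a short Python generator that turns a MAC allowlist into one manual-binding pool per host, building each client-identifier as 01 plus the MAC in the dotted form shown in the reply. The pool names and the second host are constructed; the network, gateway and DNS values are the ones from the reply.

```python
import ipaddress
import re

def client_identifier(mac):
    """01 (Ethernet hardware type) + MAC, in IOS dotted groups of four hex digits."""
    digits = re.sub(r"[.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    raw = "01" + digits
    return ".".join(raw[i:i + 4] for i in range(0, len(raw), 4))

def render_bindings(hosts, network, gateway, dns_servers):
    """Return IOS config text with one manual-binding pool per (name, ip, mac)."""
    net = ipaddress.ip_network(network)
    reserved = {net.network_address, net.broadcast_address,
                ipaddress.ip_address(gateway)}
    seen_ips, seen_ids, out = set(), set(), []
    for name, ip, mac in hosts:
        addr, cid = ipaddress.ip_address(ip), client_identifier(mac)
        # Reject addresses outside the subnet or colliding with the gateway.
        if addr not in net or addr in reserved:
            raise ValueError(f"{ip} is not a usable host address in {net}")
        # Two pools with the same IP or client-identifier would conflict.
        if addr in seen_ips or cid in seen_ids:
            raise ValueError(f"duplicate binding for {ip} / {mac}")
        seen_ips.add(addr)
        seen_ids.add(cid)
        out += [
            f"ip dhcp pool {name}",
            f" host {addr} {net.netmask}",
            f" client-identifier {cid}",
            f" dns-server {' '.join(dns_servers)}",
            f" default-router {gateway}",
            "!",
        ]
    return "\n".join(out)

# Constructed allowlist: the first entry mirrors the reply, the second is made up.
ALLOWED_HOSTS = [
    ("HOST-LAPTOP1", "10.1.1.4", "00:1b:77:66:cf:55"),
    ("HOST-PRINTER1", "10.1.1.5", "00-11-22-33-44-55"),
]

if __name__ == "__main__":
    print(render_bindings(ALLOWED_HOSTS, "10.1.1.0/24", "10.1.1.254",
                          ["24.200.241.37", "24.201.245.77"]))
```

The client-identifier is a value the client itself sends, so these bindings control which hosts are offered a lease but do not authenticate them. The restriction also only holds if the router has no dynamic pool covering the same subnet.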
05-03-2009 02:35 PM
We can use an FTP server where the IP address and corresponding MAC address will be mentioned (.txt file). With this, when a user wants an IP through the DHCP server, it first goes to the FTP server (*.txt) and, after a match, gets the corresponding IP address.
Note: A static IP address always has more preference than a DHCP IP address.
Thanks ,
Sujeet
05-03-2009 05:28 PM
You may want to have a look at DHCP snooping:
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/12ew/configuration/guide/dhcp.pdf
Basically this helps you define which interfaces are in trusted mode to receive DHCP conversations. It has a lot of features. I advise you to read the PDF.
From Cisco:
DHCP snooping is a DHCP security feature that provides security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding table. An untrusted message is a message that is received from outside the network or firewall and that can cause traffic attacks within your network.
The DHCP snooping binding table contains the MAC address, IP address, lease time, binding type, VLAN number, and interface information that corresponds to the local untrusted interfaces of a switch; it does not contain information regarding hosts interconnected with a trusted interface. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall. A trusted interface is an interface that is configured to receive only messages from within the network.
DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also gives you a way to differentiate between untrusted interfaces connected to the end-user and trusted interfaces connected to the DHCP server or another switch.