
DHCP authentication

yuhuiyao
Level 1

I want to turn a Cisco router into a DHCP server. Will it support authentication? I want to restrict the hosts which can get an address from the DHCP server.

Thanks,

3 Replies

Laurent Aubert
Cisco Employee

Hi,

There is no authentication mechanism embedded in the DHCP protocol.

You could do manual bindings and would need a pool per host. Use the client-identifier to bind your host to a pool:

    ip dhcp pool POOL
     host 10.1.1.4 255.255.255.0
     client-identifier 0100.1b77.66cf.55
     dns-server 24.200.241.37 24.201.245.77
     default-router 10.1.1.254
    !

The client-identifier for a Windows host is 01 prepended to the MAC address.

HTH

Laurent.

sujitkr7cisco
Level 1

We can use an FTP server where the IP address and corresponding MAC address will be mentioned (in a .txt file). In this, when a user wants an IP through the DHCP server, it first goes to the FTP server (*.txt) and, after a match, gets the corresponding IP address.

Note: A static IP address always has more preference than a DHCP IP address.

Thanks,

Sujeet

c.captari
Level 1

You may want to have a look at DHCP snooping:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/12ew/configuration/guide/dhcp.pdf

Basically this helps you define which interfaces are in trusted mode to receive DHCP conversations. It has a lot of features. I advise you to read the PDF.

From Cisco:

DHCP snooping is a DHCP security feature that provides security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding table. An untrusted message is a message that is received from outside the network or firewall and that can cause traffic attacks within your network.

The DHCP snooping binding table contains the MAC address, IP address, lease time, binding type, VLAN number, and interface information that corresponds to the local untrusted interfaces of a switch; it does not contain information regarding hosts interconnected with a trusted interface. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall. A trusted interface is an interface that is configured to receive only messages from within the network.

DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. It also gives you a way to differentiate between untrusted interfaces connected to the end-user and trusted interfaces connected to the DHCP server or another switch.
