Cisco Support Community

restricting DHCP flooding on CISCO 2960 switch

We are one of the service providers having both static IP and DHCP customers. At one of the BTS sites we have deployed a Cisco 2960 switch to which the BTS is connected, through which DHCP customers connect. On the same switch a few static IP customers also terminate (point-to-point radio). In one case a static IP customer terminated our link to the LAN port of his router instead of the WAN port by mistake, and our DHCP customers started getting IPs from his IP pool. Is there any way we can prevent this on the switch port on which the static IP customer terminates?

1 REPLY

Re: restricting DHCP flooding on CISCO 2960 switch

You can prevent this by using DHCP snooping.

Just enable it globally,

then

enter this command on each interface that you don't want to offer DHCP,

and enter this command with the word TRUST on each port connected to a DHCP server.

In other words, any port configured with DHCP snooping will be an untrusted port, so it will not accept DHCP offers through it,

while when you add the word "trust" to that command at the port level, you are trusting this port and accepting DHCP offers.

Important:

Make each port connected to a DHCP server (I mean servers you want to use) as DHCP snooping trust.

Also, this command should be entered on ports or trunks connecting switches.

all other ports

not trusted

dhcp snooping

Also, you can limit the rates for more advanced security.

Also, this link is a good reference:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/dhcp.html

good luck

please, if helpful rate
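
The setup described in the reply above, written out as Cisco IOS configuration for a Catalyst 2960. This is an added example, not part of the original post; VLAN 10, the interface numbers, the descriptions and the rate of 10 packets per second are assumptions chosen for illustration.

```cisco
! Constructed example: VLAN 10 and all interface numbers are placeholders.
!
! Configure the trusted uplink BEFORE enabling snooping: once snooping is
! active every port is untrusted by default and DHCP server replies
! (OFFER/ACK) arriving on untrusted ports are dropped.
interface GigabitEthernet0/1
 description UPLINK-TO-LEGITIMATE-DHCP-SERVER
 switchport mode trunk
 ip dhcp snooping trust
!
! Enable DHCP snooping globally, then for the customer VLAN.
! Snooping does nothing until it is also enabled on the VLAN.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Option 82 insertion is on by default. Some DHCP servers and relays drop
! requests that carry option 82 with a zero giaddr; disable insertion only
! if your DHCP server or relay does not expect it.
no ip dhcp snooping information option
!
! Static-IP customer port: left untrusted (no "trust" keyword), so a router
! LAN port plugged in here cannot answer DHCP requests from other customers.
! The rate limit caps DHCP packets accepted from this port per second.
interface FastEthernet0/5
 description STATIC-IP-CUSTOMER-PTP-RADIO
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 10
!
! A port exceeding the rate limit is err-disabled; recover it automatically
! after 300 seconds instead of waiting for a manual shut/no shut.
errdisable recovery cause dhcp-rate-limit
errdisable recovery interval 300
!
end
!
! Verification (privileged EXEC): trusted ports, rate limits and the
! binding table learned from legitimate leases.
show ip dhcp snooping
show ip dhcp snooping binding
```

The port facing the BTS carries DHCP clients only, so it also stays untrusted; only links that lead toward the legitimate DHCP server, including trunks between switches, get the `trust` keyword.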
