Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

preventing fake DHCP

abdullah.ali
Occasional Advisor

preventing fake DHCP

hi,

Q1
in a big network in terms of vlans and switches (which is already configured and connected) how can we prevent fake dhcp servers from being active on the network.

Q2
please provide some good practices of the ACL's to protect the network resources.
4 REPLIES
Matt Hobbs
Honored Contributor

Re: preventing fake DHCP

Q1. dhcp-snooping
cenk sasmaztin
Honored Contributor

Re: preventing fake DHCP

Q1

sw(config)# dhcp-snooping
sw(config)# dhcp-snooping authorized-server 192.xxx.xxx.xxx
sw(config)# dhcp-snooping trust 1

interface 1 connect dhcp server
other all port untrust for dhcp server


Q2
please provide some good practices of the ACL's to protect the network resources.

what do you want whit ACL ?







cenk

abdullah.ali
Occasional Advisor

Re: preventing fake DHCP

regarding DHCP snooping, if i have a core and an edge and the dhcp server is in port 1 on the core, how should i configure the trusted ports on the edge?

please choose the answer of the following only if you are sure 100%:
1)configure all edge switches' ports as untrusted
2)configure all edge switches' ports as untrusted except the uplink one

cenk sasmaztin
Honored Contributor

Re: preventing fake DHCP

configure all edge switch port and authorized dhcp server port must be trust port.

all other client port must be untrust

cenk sasmaztin
cenk