Not sure what filtering capabilities you have on the switch, but you might be able to set all of the subscriber facing ports to block the forwarding out of DHCP DISCOVERs and REBINDS requests. I forget the details, but you can determine the directionality of the DHCP requests (DISCOVERs/REBINDs vs OFFERs/ACKs) based on the UDP port numbers and set in/out filters accordingly.
The cable companies encode similar filters in your cable modem to prevent someone with a DHCP server in their home from hearing and responding to DHCP requests from the rest of the neighborhood. Lo Ching wrote: > > Dear All, > > We have configured DHCP server at the CORE switch and this will > assign the ip address to the client located at edge switch. > PC---edge switch-----GE uplink---CORE---DHCP server > (The network is pure Layer 2 network) > > But we are afraid that some end users will place their own DHCP > server at the edge switch so it will interrupt the normal ip > address assignment. Any method to block the unauthorized DCHP > server? > > TIA. > > Lo Ching Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73503&t=73489 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
