I have one addition to this: The helper-address command tells the L3 device to forward ALL UDP broadcasts - DHCP, TFTP, NetBIOS, etc. You would also need to execute these commands to exclude everything that's not DHCP:

no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs

That is not an exhaustive list.

PC-based routers (Windows, Linux, *BSD, etc) include what's called a DHCP relay agent that will truly listen for DHCP requests and forward them on.

On 1/24/2011 7:45 AM, Mayo, Bill wrote:
> I believe what Brian was referring to was the "dhcp snooping" command,
> which is designed to prevent undesired DHCP servers. What you ran into
> is related to the fact that DHCP stops at the network boundary
> (router/VLAN) because it is a broadcast. The helper-address command is
> used to listen and forward requests on a VLAN to a designated DHCP
> server, thereby preventing you from having to have a DHCP server on
> every VLAN. That command will not stop any rogue DHCP servers.

--
Phil Brutsche
p...@optimumdata.com
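
Added example, not part of the original message: a small audit that reads an IOS running-config, finds interfaces with a helper address, and reports which non-DHCP UDP services are still relayed because no matching "no ip forward-protocol udp" line exists. The default service list is taken from Cisco's documented helper-address defaults (an assumption, not from the post); the function name and the sample config are constructed for illustration.

```python
import re

# Assumption: UDP services IOS relays by default once ip helper-address is
# configured, using the keywords accepted by "ip forward-protocol udp".
DEFAULT_FORWARDED = {"time", "tacacs", "domain", "bootps", "bootpc",
                     "tftp", "netbios-ns", "netbios-dgm"}
DHCP = {"bootps", "bootpc"}  # the only services the relay is wanted for
# IOS also accepts numeric ports; normalise them to the keyword form.
PORT_NAMES = {"37": "time", "49": "tacacs", "53": "domain", "67": "bootps",
              "68": "bootpc", "69": "tftp", "137": "netbios-ns",
              "138": "netbios-dgm"}

def audit(config):
    """Return (helper addresses per interface, non-DHCP services still relayed)."""
    helpers, disabled, iface = {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif raw and not raw[0].isspace():
            iface = None  # unindented line: back at global config level
        m = re.match(r"ip helper-address (\S+)$", line)
        if m and iface:
            helpers.setdefault(iface, []).append(m.group(1))
        m = re.match(r"no ip forward-protocol udp (\S+)$", line)
        if m:
            disabled.add(PORT_NAMES.get(m.group(1), m.group(1)))
    # Without any helper address nothing is relayed, so nothing to report.
    leftover = sorted(DEFAULT_FORWARDED - DHCP - disabled) if helpers else []
    return helpers, leftover

# Constructed sample: the five commands from the message plus one relayed VLAN.
SAMPLE = """\
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
!
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
 ip helper-address 198.51.100.10
!
"""

if __name__ == "__main__":
    helpers, leftover = audit(SAMPLE)
    print("helper interfaces:", helpers)
    print("still relayed besides DHCP:", leftover)
```

On the sample, the five commands from the message leave TFTP still relayed, which is the "not an exhaustive list" point in practice.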