RE: Can block DHCP traffic at layer 2 switch? [7:73489]
VACL, VACL, VACL. See here: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_1/confg_gd/ acc_list.htm#26922 It gives you the exact commands to limit DHCP responses to specific server(s). Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Charles D Hammonds [mailto:[EMAIL PROTECTED] Sent: Monday, August 04, 2003 10:20 PM To: [EMAIL PROTECTED] Subject: RE: Can block DHCP traffic at layer 2 switch? [7:73489] only thing I would know to do at L2 is port security... just lock it down to pre-identified MACs to prevent users from throwing unauthorized boxes on the network. Charles -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, August 04, 2003 6:23 PM To: [EMAIL PROTECTED] Subject: Can block DHCP traffic at layer 2 switch? [7:73489] Dear All, We have configured DHCP server at the CORE switch and this will assign the ip address to the client located at edge switch. PC---edge switch-GE uplink---CORE---DHCP server (The network is pure Layer 2 network) But we are afraid that some end users will place their own DHCP server at the edge switch so it will interrupt the normal ip address assignment. Any method to block the unauthorized DCHP server? TIA. Lo Ching **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73506&t=73489 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Can block DHCP traffic at layer 2 switch? [7:73489]
Dear All, We have configured DHCP server at the CORE switch and this will assign the ip address to the client located at edge switch. PC---edge switch-GE uplink---CORE---DHCP server (The network is pure Layer 2 network) But we are afraid that some end users will place their own DHCP server at the edge switch so it will interrupt the normal ip address assignment. Any method to block the unauthorized DCHP server? TIA. Lo Ching Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73489&t=73489 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Can block DHCP traffic at layer 2 switch? [7:73489]
Not sure what filtering capabilities you have on the switch, but you might be able to set all of the subscriber facing ports to block the forwarding out of DHCP DISCOVERs and REBINDS requests. I forget the details, but you can determine the directionality of the DHCP requests (DISCOVERs/REBINDs vs OFFERs/ACKs) based on the UDP port numbers and set in/out filters accordingly. The cable companies encode similar filters in your cable modem to prevent someone with a DHCP server in their home from hearing and responding to DHCP requests from the rest of the neighborhood. Lo Ching wrote: > > Dear All, > > We have configured DHCP server at the CORE switch and this will > assign the ip address to the client located at edge switch. > PC---edge switch-GE uplink---CORE---DHCP server > (The network is pure Layer 2 network) > > But we are afraid that some end users will place their own DHCP > server at the edge switch so it will interrupt the normal ip > address assignment. Any method to block the unauthorized DCHP > server? > > TIA. > > Lo Ching Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73503&t=73489 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Can block DHCP traffic at layer 2 switch? [7:73489]
only thing I would know to do at L2 is port security... just lock it down to pre-identified MACs to prevent users from throwing unauthorized boxes on the network. Charles -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, August 04, 2003 6:23 PM To: [EMAIL PROTECTED] Subject: Can block DHCP traffic at layer 2 switch? [7:73489] Dear All, We have configured DHCP server at the CORE switch and this will assign the ip address to the client located at edge switch. PC---edge switch-GE uplink---CORE---DHCP server (The network is pure Layer 2 network) But we are afraid that some end users will place their own DHCP server at the edge switch so it will interrupt the normal ip address assignment. Any method to block the unauthorized DCHP server? TIA. Lo Ching **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73491&t=73489 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
