Re: Blocking DHCp requests while bridging

thierry.brandjes · ‎04-10-2002

Hello,

My company connects three site together with bridging over a C3660 and two C1750 Routers.

All the same IP network.

I need to place one DHCP server on each site.

I want to maintaine bridging for the time being, but I want to block DHCP requests to other sites.

Finaly I will migrate to a routed network but that's not possible now.

My question is: Is it possible to block DHCP requests on the boxes while they are bridging?

Thanx for your info

Thierry Brandjes

bsivasub · ‎04-20-2002

I don't think so. When briding we can't distinguish between DHCP broadcast with essential ARP or other broadcast packets and so you can't possibly filter it. You probably can try configuring the DHCP server to filter requests with MAC addresses. It is tedius but can't think of any other way.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ibm_c/bcprt1/bcdtb.htm#xtocid1869438

thierry.brandjes · ‎04-23-2002

Right, I thought so.

The box makes descissions at layer 2 and doesn't look at packet containing IP data. That's obvious to me

Now I have something to show to my manager thst I was right.

Thanx 4 the repy.

pcwrench2000 · ‎04-24-2002

If you have Win2k Active Directory, you could control which DHCP server they get by putting DNS on each site, as well as DHCP. (They could both reside on the same box).

bill.higgins · ‎05-06-2002

Just block UDP port 17 from leaving each bridge and router .That port is required for bootp to work, and bootp carries dhcp within its payload.

Reference: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r/iprprt1/1rdipadr.htm#1018608