10-23-2013 12:49 PM - edited 03-07-2019 04:12 PM
Hello everyone,
I seem to have a rogue DHCP server on the network and have not been able to locate it. The switch shows it connected to switchport Po1, which I believe is the EtherChannel. Can someone send me the commands or a link to blocking a single IP address from network access? Router or switch level is fine. Thanks in advance!
all replies rated
10-23-2013 01:25 PM
Hello,
Try this on the router interface/VLAN interface.
!
ip access-list extended 100
 deny udp any any eq 68 --> If I remember correctly, the server uses udp/68 to communicate with clients
 permit ip any any
!
interface vlanx (where the rogue DHCP server is located)
 ip access-group 100 in
!
Thx
MS
Edit: if you know the IP address of the rogue server, you can also use the host IP instead of 'any'.
Also, Cisco's recommendation is to use 'dhcp snooping'. Check the Cisco docs for more explanation.
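As an added example (not from the original thread), this is the DHCP snooping setup the reply points to, for a Catalyst switch where Po1 is the EtherChannel uplink toward the legitimate DHCP server; VLAN 10 and the GigabitEthernet1/0/1 - 24 access-port range are assumed values. Snooping drops server-side DHCP messages (OFFER/ACK, udp/67 to udp/68) that arrive on untrusted ports at layer 2, so it also catches a rogue server that shares a VLAN with its victims, traffic a router ACL on the SVI never sees.

```cisco
! Enable DHCP snooping globally and on the user VLAN (VLAN 10 is assumed)
ip dhcp snooping
ip dhcp snooping vlan 10
! Do not insert option 82 unless the real DHCP server expects it
no ip dhcp snooping information option
!
! Trust only the uplink toward the legitimate DHCP server.
! With an EtherChannel, trust is set on the port-channel, not the members.
interface Port-channel1
 ip dhcp snooping trust
!
! Access ports stay untrusted (the default): DHCP server replies seen on
! them are dropped and logged. The rate limit caps DHCP packets per second
! so a flooding client cannot exhaust the snooping process.
interface range GigabitEthernet1/0/1 - 24
 ip dhcp snooping limit rate 15
!
! Verification: trusted ports, per-VLAN state, and the lease bindings
! learned from the legitimate server only
show ip dhcp snooping
show ip dhcp snooping binding
```

Once enabled, a rogue server's OFFER arriving on an untrusted port produces a `%DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT` log message naming the interface, which is the quickest way to locate the offending host.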
10-24-2013 06:18 AM
Thanks!