Block DHCP requests over VLANs

integrativenutrition · ‎01-11-2012

Hi all,

I have two 3560x Catalyst switches setup between two different locations. They link via a PTP line (Layer 2).

I have setup Intervlan routing between the switches and that works fine.

Each location has a separate subnet and a Windows DHCP server for each subnet.

I want to block any DHCP requests to be sent from hosts on one subnet to the DHCP server on the other side (i.e across the PTP link)

What is the best method to do this?

Thanks for your help

Reza Sharifi · ‎01-11-2012

Hi,

You can try something like this for each vlan:

ip access-list extended dhcp

deny udp any any eq bootpc

then under the vlan interface (SVI)

ip access-group dhcp out

HTH

Talha Ansari · ‎01-11-2012

Hi Michael,

If you have a seperate DHCP servers for different VLAN then by default the DHCP request from one VLAN will not go into any other VLAN as these requests are broadcast which will not cross the layer 3 boundary.

Regards,

Talha

Latchum Naidu · ‎01-11-2012

Hi Hi Michael,

First of all if you want send the DHCP requests from on subnet (vlan) to another subnet, you need to point the dhcp server under specific vlan "ip helper xx.xx.xx.xx"
So if you dont want send dhcp requests then you dont put the above "ip helper" command, if it is there then you can remove it from the vlan.

Hope the above helps you, if not please let us know the exact requirement.

Please rate all the helpfull posts.
Regards,
Naidu.

integrativenutrition · ‎01-17-2012

Thanks a lot guys

Latchum Naidu · ‎01-17-2012

Hi Michael,

Looks your issue is resolved.
Please remember to rate all the helpfull posts which encourage others throughout this great CSC.

Please rate all the helpfull posts.
Regards,
Naidu.