cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
17231
Views
0
Helpful
8
Replies

Block DHCP service for certain interface - Cisco 2960X

lplooh888
Level 1
Level 1

Hi,

I am a beginner user for Cisco products. I hope someone can advice me about my problem.

My network got use DHCP server (Windows Server 2012 R2)  with differences VLAN. I want to block the DHCP server for certain port in Cisco 2960X. That port is connected to a Wireless Router that has own DHCP server. How do i do the configuration about this.

Thank you

1 Accepted Solution

Accepted Solutions

Hello,

the access list would have been the easy way. Since that isn;t working, you could have a look at configuring DHCP snooping, which is kind of overkill, but it might work in your situation. Have a look at the configuration example below:

http://blog.router-switch.com/2012/08/how-to-configure-dhcp-snooping/

View solution in original post

8 Replies 8

Hello,

not sure if your IOS and platform support ACLs on interfaces, but you could define an access lists that denies DHCP traffic and apply it to the switch port where the wireless router is connected to (in this example, the wireless router is connected to FastEthernet0/12):

ip access-list extended Deny_DHCP
deny udp any any eq bootpc
deny udp any any eq bootps
permit ip any any

interface FastEthernet0/12
ip access-group Deny_DHCP in

Hi,

My IOS and platform cannot support ACL on interface. Once i apply the access list to denies the DHCP, i totally cannot access the VLAN. 

Anyone can guard me ??

thank you

Hello,

the access list would have been the easy way. Since that isn;t working, you could have a look at configuring DHCP snooping, which is kind of overkill, but it might work in your situation. Have a look at the configuration example below:

http://blog.router-switch.com/2012/08/how-to-configure-dhcp-snooping/

Dear gpauwen,

Thank you for you reply. i have done the setting and success.

Hello James,

DHCP snooping should have no effect on inter-Vlan routing. That said, the 2960X has limited Layer 3 functionality. 

Try to make the following changes:

2960X#conf t
2960X(config)#sdm prefer lanbase-routing

2960X#conf t
2960X(config)#ip routing

Hi Georg,

Sorry ya. no understand about the above statement.

for the sdm prefer lanbase-routing, what should i put to complete the statement?

can you give me some example?

Hello,

in order to install the template, type:

2960X#conf t
2960X(config)#sdm prefer lanbase-routing
2960X(config)#end
2960X#wr

Then reload the switch,

Hi Georg,

How are you  ? Sorry for disturb you again.

I facing 1 problem on DHCP snooping.

DHCP snooping command as below : 

IP DHCP snooping VLAN 400

IP DHCP snooping

I facing the problem is i cannot access to others vlan. For example as  below :

VLAN 400  = 192.168.50.0 

VLAN 1 = 168.168.0.0

I cannot ping to vlan 1 from vlan400.

what should i do ? Should i add in any command?

Hope you understand the problem.

thank you

From, 

James Looh

Review Cisco Networking for a $25 gift card