08-01-2017 12:28 AM - edited 03-08-2019 11:33 AM
Hi,
There is a switch to which an unmanaged 8-port switch is connected; it has 192.168.0.1 as its default IP and has started DHCP flooding across all switches connected on the same VLAN.
I want to stop that DHCP flooding on those switches. I have tried DHCP snooping, but it's not working.
Suggest a solution so that if this kind of issue occurs on any port, that port does not work for the rogue DHCP server.
I don't want to shut any port; if there is a computer connected to the same port, that port should still work.
Help me out on this.
08-01-2017 02:24 AM
Hi
Why didn't DHCP snooping work for you? It should have, once it was set up correctly for each VLAN and the trust states were set at interface level. That's what the feature is for: to prevent rogue DHCP requests.
Trust the port where your DHCP server connects, trust all the valid uplinks between the switches, and globally enable it:
ip dhcp snooping
ip dhcp snooping vlan 1,2,3,4
interface g0/0/0
 description MS DHCP server
 ip dhcp snooping trust
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_44_se/configuration/guide/scg/swdhcp82.html#wp1070843
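The reply above names three pieces that must all be in place: the global enable, the per-VLAN enable, and a trusted port toward the real DHCP server. The following is an added example, not code from this thread or from Cisco: a Python check over a constructed running-config that reports which of those pieces is missing. The names `audit`, `expand` and `SAMPLE` and the sample config are assumptions made for illustration.

```python
import re

# Constructed running-config for illustration (not taken from the thread).
SAMPLE = """\
ip dhcp snooping vlan 10
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport access vlan 20
!
interface GigabitEthernet0/3
 switchport access vlan 10
"""

def expand(spec):
    """Expand an IOS VLAN list such as '1,5-7' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config):
    """Return reasons why DHCP snooping would not filter as intended."""
    enabled, snooped, access, trusted, iface = False, set(), {}, [], None
    for raw in config.splitlines():
        line = raw.strip().lower()
        if not raw.startswith(" "):          # left interface sub-mode
            iface = None
        if line == "ip dhcp snooping":
            enabled = True
        elif m := re.fullmatch(r"ip dhcp snooping vlan ([\d,\-]+)", line):
            snooped |= expand(m.group(1))
        elif line.startswith("interface "):
            iface = raw.split(None, 1)[1]
        elif iface and (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            access[iface] = int(m.group(1))
        elif iface and line == "ip dhcp snooping trust":
            trusted.append(iface)
    findings = []
    if not enabled:
        findings.append("global 'ip dhcp snooping' is missing")
    for port, vlan in access.items():
        if vlan not in snooped:
            findings.append(f"{port}: access VLAN {vlan} is not in the snooping VLAN list")
    if not trusted:
        findings.append("no trusted port: replies from the real DHCP server are dropped too")
    return findings
```

Running `audit(SAMPLE)` returns three findings for the constructed config; a config with all three pieces in place returns an empty list.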
08-01-2017 03:13 AM
Hello
I agree with Mark. Snooping should have taken care of this.
You could also try applying a static MAC entry to drop traffic from the DHCP server if you don't wish its traffic to traverse specific VLANs on the switch:
mac address-table static xxxx.xxxx.xxxx vlan 10 drop
mac address-table static xxxx.xxxx.xxxx vlan 20 drop
etc...
res
Paul