DHCP flooding in whole network.

Rahul Chauhan · ‎08-01-2017

Hi,

There is a switch on which one unmanaged switch is connected having 8 ports which has 192.168.0.1 as default IP and is started DHCP flooding on whole switches connected on same VLAN.

I want to stop that DHCP flooding in those switches I have tried DHCP snooping but its not working.

Suggest me a solution so that these kind of issues occurs on any port then those port should not work for those DHCP Rouge server.

I don't want to shut any port if there is computer connect to same port then that port should work.

help me out on this.

Mark Malone · ‎08-01-2017

Hi

why didn't DHCP snopping work for you it should have once it was setup correctly for each vlan and the trusting states were set at interface level , that's the feature its to prevent rogue dhcps requests

trust the port where you dhcp server connects and trust all the uplinks between each switch's that are valid and globally enable it

Ip dhcp snooping
Ip dhcp snooping vlan 1,2,3,4

Int g0/0/0
Description MS DHCP server
Ip dhcp snooping trust

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_44_se/configuration/guide/scg/swdhcp82.html#wp1070843

paul driver · ‎08-01-2017

Hello

I agree with Mark Snooping should have taken care of this.

You could also try applying a static mac entry to drop traffic from the dhcp server if you dont wish its traffic to traverse specifc vlans on the switch

mac address-table static xxxx.xxxx.xxx vlan 10 drop
mac address-table static xxxx.xxxx.xxx vlan 20 drop
etc...

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul