Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
476
Views
0
Helpful
1
Replies

DHCP: force router to assign predefined infinite DHCP address

Frank Hohenadel
Level 1
Level 1

‎11-16-2014 07:48 AM - edited ‎03-07-2019 09:31 PM

Does anyone know if its possible to force a router only to assign an infinite DHCP address when a client connect to the network?

In the configuration (2911 router) there is an DHCP server configured which assigns specific IP addresses to certain mac addresses (in this example to Client1 with mac address 00aa.00bb.00cc.ab). Due to security reasons I want to avoid that a user of a device can manually set a different ip address on his device and still be able to use/connect to the router (so far this is possible). 

DHCP config is:

ip dhcp pool data
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1 
 dns-server 10.10.10.1 
!
ip dhcp pool Client1
 host 192.168.2.10 255.255.255.0
 client-identifier 00aa.00bb.00cc.ab
 dns-server 10.10.10.1 
 default-router 192.168.2.1 
 

Thanks, Frank

Labels:
0 Helpful
1 Reply 1

houtan haddadlarijani
Level 1
Level 1

‎11-16-2014 08:22 AM

you can use IP source guard feature along with DHCP snooping  to mitigate such a security threat.

 

Ip source guard uses DHCP snooping database to test that if incoming packet's source ip is assigned by dhcp server or not, in case of illegal source ip address, the packet will be dropped.

 

HTH 

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card