Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1968
Views
0
Helpful
9
Replies

DHCP is responding without IP-Helper Address

shyamradhe
Level 1
Level 1

‎01-13-2017 12:02 AM - edited ‎03-08-2019 08:53 AM

Hello all

I have 7 VLANs in our core switch, VLAN-1 is for management,so i did not introduced ip helper address command on interface vlan 1.

but problem is that the pc is getting ip from dhcp, from vlan-1 ip range,

don't know how is this happening,

kindly let me know how to stop this, and how is this possible?

Labels:
0 Helpful
9 Replies 9

Evgeniy Prichinin
Level 1
Level 1

‎01-13-2017 12:19 AM

You have dhcp in vlan 1. You can get ip of dhcp server from PC network connection info. 

0 Helpful

shyamradhe
Level 1
Level 1
In response to Evgeniy Prichinin

‎01-13-2017 01:09 AM

DHCP server is also placed in VLAN-1(same range of vlan-1)

"means this is why DHCP responding for that request from client" ?

0 Helpful

Evgeniy Prichinin
Level 1
Level 1
In response to shyamradhe

‎01-17-2017 08:18 PM

Yes, Client discovers dhcp server using broadcasts.

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni

‎01-13-2017 12:32 AM

whats the config on vlan1 and is the pc pulling an ip address from one of the core switch dhcp pools ? is there a pool for vlan 1 on the core switch ?

0 Helpful

shyamradhe
Level 1
Level 1
In response to Mark Malone

‎01-13-2017 01:08 AM

DHCP server is also placed in VLAN-1(same range of vlan-1)

"means this is why DHCP responding for that request from client" ?

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to shyamradhe

‎01-13-2017 01:18 AM

if the dhcp server is in the same vlan 1 , the pcs will look for an address as they broadcast out when set as dhcp and the server will respond if it has a pool for that vlan as its in same broadcast domain  , that's the way it works , if you don't want them asking for an address set them as static or remove the pool for vlan1 from the dhcp settings so even if they broadcast out looking theres no ips for them to be assigned

0 Helpful

shyamradhe
Level 1
Level 1
In response to Mark Malone

‎01-13-2017 02:25 AM

Ok thanks,

Can i use an access list like.

ip access list extended DHCP_BLOCK

  deny udp any any eq bootpc

int vlan 1

  ip -access-group DHCP_BLOCK out

"will this work ? or it will deny every other things too?"

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to shyamradhe

‎01-13-2017 02:29 AM

that wont work as the dhcp server is in the same broadcast domain vlan 1 , that will only prevent it breaking out if the dhcp server was in another vlan to get an address

if vlan 1 is for management then really the devices should be getting static addresses only and there should be no dhcp pool for vlan 1 on your server , that way the pcs that are in the same vlan cant pick up any address

0 Helpful

shyamradhe
Level 1
Level 1
In response to Mark Malone

‎01-13-2017 02:33 AM

ok mark

thanks. for your quick response :)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card