01-20-2015 12:01 AM - edited 03-07-2019 10:17 PM
Hi,
We have a situation on our LAN where some clients are receiving DNS information from a rogue network device. We have been able to trace the device but we cannot turn off the DHCP feature on it as we do not have administrative control on this device. We would like to know if enabling DHCP snooping will help in this scenario? The network topology is very simple, we have two 2900 routers that host the primary and backup WAN connection respectively and a C3750 switch to which these two routers connect. Then there are a bunch of access points and clients connected to the catalyst switch. This catalyst switch is also acting as a DHCP server. Will DHCP snooping help in this scenario? If yes, which ports do we mark as trusted because we don't really have a separate DHCP server that is connected to this LAN.
Thank you,
M.A
01-20-2015 01:35 AM
Hi
Yes, you could use this feature.
However, if you really have something that runs DHCP and you can't administer it on your network, you'd be better advised to put it in the bin where it belongs.
Aaron
01-20-2015 02:27 AM
Hi Aaron,
Thank you for your input. So you mean to say I don't need to mark any port as trusted and it will still work?
As for the rogue DHCP, it seems to be coming from the WiMAX backup device that is installed by our ISP (this is a remote site that does not have any copper/fiber infrastructure) so we cannot really bin it. We have asked our ISP to disable it.
01-20-2015 03:07 AM
Hi
There's no 'port' as such for the internal DHCP server, and since it's a device you administer it should be 'trusted' by default.
Aaron
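
The setup discussed in this thread, as an added configuration example that is not part of any poster's reply: DHCP snooping enabled on a Catalyst switch that is itself the DHCP server, with no port marked as trusted. VLAN 10 and interface GigabitEthernet1/0/24 are placeholders, not values from the thread.

```cisco
! Constructed example; VLAN 10 and Gi1/0/24 are placeholders.
! Enable DHCP snooping globally, then on the client VLAN.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Port on which the rogue device's DHCP replies arrive.
! Untrusted is the default state; it is written out here only to make
! the intent explicit. No port carries "ip dhcp snooping trust", because
! the legitimate server is the switch itself, as the last reply describes.
interface GigabitEthernet1/0/24
 no ip dhcp snooping trust
!
end
!
! Verification from privileged EXEC mode:
! which VLANs are snooped and which ports are trusted
show ip dhcp snooping
! leases learned from the legitimate server
show ip dhcp snooping binding
! counters for DHCP packets dropped by snooping
show ip dhcp snooping statistics
```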