DHCP with IP antispoofing

gauthierla · ‎11-29-2006

Hi all

Here's the situation:

I've a 7600 router which acts as DHCP L3 relay. The router is enabled for IP antispoofing. The ARP table is populate on reception of DHCP ACK messages.

Now, if an IP adress is allocated for a client, so if the ARP table is updated for this client, is it possible that the DHCP server sends a message to invalidate the ARP entry in order that the client cannot use anymore the adress he was allocated before the lease time expiration ?

stschmidt · ‎11-29-2006

I do not know of any DHCP server that has the ability to revoke or invalidate a lease once it is handed out. I do not believe I have seen this is in the rfc either.

Stephen

mohamed.khadr · ‎11-29-2006

Hi,

Once the router gave out IP to a host, the entry in the arp table will remain for the life of the lease.In other words the ARP table will not age-out.

HTH

gauthierla · ‎11-29-2006

So there is no way to revoke a lease allocated to a client ?

The issue comes from the fact the client is able to get an internet connectiviy in 2 ways: by DHCP and by PPP.

I don't want him to be allowed to get the two connections at the same time.

Unfortunately, if he starts with a DHCP session and then he connects with a PPP session, he'll get the two modes until the lease expires.