cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Popup Hotspot Using ISR 1000 with WiFi/LTE for Teleworkers and Micro Branchesr
201
Views
0
Helpful
4
Replies
Highlighted
Beginner

How to block using DHCP on switches

Hi guys

I need your help with something, here in the office we got a DHCP Pool on the core switches and we need to configure some kind of restriction using the DHCP. What I'm trying to say is this. if a user is trying to configure a static IP on his device he don't be allow to use the network, it will only work using the DHCP pool assigned to the users.

Is there some kind of configuration like switchport security or something similar but using the DHCP pool.?

Regards

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Rising star

Dhcp snooping with dynamic

Dhcp snooping with dynamic arp inspection or ip source guard can help you achieve this. Please review following links:

http://packetlife.net/blog/2010/aug/18/dhcp-snooping-and-dynamic-arp-inspection/

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/ip_source_guard.html

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/dynarp.html

-

AJ

View solution in original post

4 REPLIES 4
Highlighted
Hall of Fame Community Legend

I am no Windows AD person but

I am no Windows AD person but I know AD/Group Policy can do this.

Highlighted
Rising star

Dhcp snooping with dynamic

Dhcp snooping with dynamic arp inspection or ip source guard can help you achieve this. Please review following links:

http://packetlife.net/blog/2010/aug/18/dhcp-snooping-and-dynamic-arp-inspection/

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/ip_source_guard.html

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/dynarp.html

-

AJ

View solution in original post

Highlighted
VIP Mentor

Hello

Hello

Snooping - DAI and IPSG will not assist here

To negate users from applying statics to their pcs would require a local group policy on each pc to tie down access to the nic properties

This is something active directory can do but not i am aware it's possible from a Cisco perspective

res

paul



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Highlighted
Beginner

Thank you all for all the

Thank you all for all the asnwers, A friend told something about Snooping and dynamic arp but i couldn't find anything. So I will test this on la lab and hope it works.

Regards

CreatePlease to create content
Content for Community-Ad