Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
714
Views
0
Helpful
4
Replies

How to block using DHCP on switches

Go to solution
Luis Carranza
Level 1
Level 1

‎12-21-2016 04:11 PM - edited ‎03-08-2019 08:40 AM

Hi guys

I need your help with something, here in the office we got a DHCP Pool on the core switches and we need to configure some kind of restriction using the DHCP. What I'm trying to say is this. if a user is trying to configure a static IP on his device he don't be allow to use the network, it will only work using the DHCP pool assigned to the users.

Is there some kind of configuration like switchport security or something similar but using the DHCP pool.?

Regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ajay Saini
Level 7
Level 7

‎12-21-2016 10:21 PM

Dhcp snooping with dynamic arp inspection or ip source guard can help you achieve this. Please review following links:

http://packetlife.net/blog/2010/aug/18/dhcp-snooping-and-dynamic-arp-inspection/

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/ip_source_guard.html

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/dynarp.html

-

AJ

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎12-21-2016 05:17 PM

I am no Windows AD person but I know AD/Group Policy can do this.

0 Helpful

Go to solution
Ajay Saini
Level 7
Level 7

‎12-21-2016 10:21 PM

Dhcp snooping with dynamic arp inspection or ip source guard can help you achieve this. Please review following links:

http://packetlife.net/blog/2010/aug/18/dhcp-snooping-and-dynamic-arp-inspection/

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/ip_source_guard.html

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/dynarp.html

-

AJ

0 Helpful

Go to solution
paul driver
VIP
VIP

‎12-22-2016 08:21 AM

Hello

Snooping - DAI and IPSG will not assist here

To negate users from applying statics to their pcs would require a local group policy on each pc to tie down access to the nic properties

This is something active directory can do but not i am aware it's possible from a Cisco perspective

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
Luis Carranza
Level 1
Level 1

‎12-22-2016 01:06 PM

Thank you all for all the asnwers, A friend told something about Snooping and dynamic arp but i couldn't find anything. So I will test this on la lab and hope it works.

Regards

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card