Rogue DHCP

Petty Talamayan
Level 1

We have a 9407 and several small business edge switches. We recently had an issue where we lost internet connection in the whole facility. We started troubleshooting using elimination and were able to identify the switches that created the issue. How do we drill down to find either a rogue DHCP or DHCP looping?

8 Replies

@Petty Talamayan hi, when you are facing the issue, the easiest way is to check the DHCP server IP on any client PC which has a wrong IP, then trace the MAC address of that rogue DHCP server within the network.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
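
The check suggested in the reply above, as an added example that is not from any poster in this thread: it parses DHCP OFFER/ACK frames, reads the server identifier (option 54), and reports the source MAC of any server that is not on an allow-list. The address 10.0.0.5, the MAC addresses and the sample frames are constructed assumptions.

```python
import ipaddress
import struct

AUTHORIZED = {"10.0.0.5"}      # assumption: IP of the site's legitimate DHCP server
MAGIC = b"\x63\x82\x53\x63"    # DHCP magic cookie that follows the 236-byte BOOTP header

def dhcp_server_reply(frame):
    """Return (source MAC, server identifier) for a DHCP OFFER/ACK frame, else None."""
    if len(frame) < 282 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                              # too short, not IPv4, or not UDP
    udp = 14 + (frame[14] & 0x0F) * 4            # honour the IPv4 header length
    bootp = frame[udp + 8:]
    if frame[udp:udp + 2] != b"\x00\x43" or bootp[236:240] != MAGIC:
        return None                              # source port is not 67 (server side)
    opts, i, found = bootp[240:], 0, {}
    while i + 1 < len(opts) and opts[i] != 255:  # walk TLV options until End (255)
        if opts[i] == 0:                         # Pad option has no length byte
            i += 1
            continue
        found[opts[i]] = opts[i + 2:i + 2 + opts[i + 1]]
        i += 2 + opts[i + 1]
    # Option 53 = message type (2 OFFER, 5 ACK); option 54 = server identifier.
    if found.get(53) not in (b"\x02", b"\x05") or len(found.get(54, b"")) != 4:
        return None
    return frame[6:12].hex(":"), str(ipaddress.IPv4Address(found[54]))

def find_rogues(frames, authorized=AUTHORIZED):
    """Count replies per (MAC, server IP) whose server identifier is not authorized."""
    rogues = {}
    for reply in filter(None, map(dhcp_server_reply, frames)):
        if reply[1] not in authorized:
            rogues[reply] = rogues.get(reply, 0) + 1
    return rogues

def sample_frame(src_mac, server_ip, msg_type):
    """Constructed test frame (not captured traffic); checksums are left at zero."""
    sip = ipaddress.IPv4Address(server_ip).packed
    bootp = b"\x02\x01\x06\x00" + bytes(232) + MAGIC + bytes([53, 1, msg_type, 54, 4]) + sip + b"\xff"
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, sip, b"\xff" * 4)
    return b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00" + ip + udp

SAMPLE = [sample_frame("02:00:00:00:00:05", "10.0.0.5", 2),      # legitimate OFFER
          sample_frame("02:00:00:00:00:99", "192.168.1.1", 2),   # unexpected OFFER
          sample_frame("02:00:00:00:00:99", "192.168.1.1", 5)]   # unexpected ACK

if __name__ == "__main__":
    for (mac, ip), n in find_rogues(SAMPLE).items():
        print(f"unauthorized DHCP server {ip} at MAC {mac}: {n} replies")
```

The reported MAC can then be looked up in each switch's MAC address table to find the port it sits behind.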

The problem is that when we reconnect the feed to that switch where the rogue server is located, we lose internet/LAN connection to the whole facility and are unable to issue an iprenew/release.

Hi @Petty Talamayan, when the issue occurs, are you getting any IP on the PC?

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

We haven’t tried that yet, but we believe our core’s IP was taken by the rogue server, as we lose internet when we reconnect that switch to the network; the core is our internet gateway.

Hello @Petty Talamayan ,

You should deploy two hosts with static IP addresses (manually configured) so that those two are not impacted by the rogue DHCP server.

The long-term solution may be DHCP snooping, but you need to verify on the small business switches if they support it.

Hope to help

Giuseppe

When you say two hosts, two DHCP servers?

We are using Catalyst 1300/1200 as edge switches and they do support ip dhcp snooping, and it is also enabled. Do we need to do ip dhcp snooping trust on the feed ports?


If we change the DHCP server’s IP address, will that help, and does it only impact the statically assigned devices?
Same with the core/gateway?

Hello @Petty Talamayan ,

DHCP snooping trust only on ports towards DHCP servers; all other ports are to be left untrusted.

My suggestion was to have at least two host devices with manually set IP addresses to be able to reach them in any case.

The official DHCP servers can be on site or not.

Hope to help

Giuseppe