DHCP IP Issue

Yasmeen · ‎01-25-2022

Hi Team,

In My Office Lab Has one Cisco Switch and it is connected with some wired clients two DHCP Servers
DHCP Snooping Enabled in Cisco Switch to Block Rouge DHCP Request
But I need Allow second DHCP request for Clients
In My scenario my wired client getting ip address from second DHCP server IP instead of genuine First DHCP Server.
I have configured trusted ports for both genuine DHCP server as well as second DHCP Server bcz i want to use both.
instead of getting IP Address from first DHCP server my client getting IP's from second DHCP Server I need to block it.
Also i want to use second DHCP server for another testing purpose
the second DHCP server configured machine has WAN access with first DHCP Server IP only, This second DHCP Server get Internet Access via Eth0 interface only.
Main thing i don't want to Change my config as untrusted interface for second dhcp server connected one.

pls find my Topology for reference,

Georg Pauwen · ‎01-26-2022

Hello,

without actually seeing your topology, I take it that you basically have two competing DHCP servers. Unfortunately, there is no way to prioritize one over the other. It basically is who receives the (directed) broadcast first dishes out the IP address.

You might want to try and add a DHCP option to the server you want to prioritize. I somewhere recall that for Mac clients, the server with the most options goes first. I don't know if that is true for other (Windows, Android, etc.) clients...

Yasmeen · ‎01-27-2022

Hi Team,

In My Office Lab Has one Cisco Switch and it is connected with some wired clients two DHCP Servers
DHCP Snooping Enabled in Cisco Switch to Block Rouge DHCP Request
But I need Allow second DHCP request for Clients
In My scenario my wired client getting ip address from second DHCP server IP instead of genuine First DHCP Server.
I have configured trusted ports for both genuine DHCP server as well as second DHCP Server bcz i want to use both.
instead of getting IP Address from first DHCP server my client getting IP's from second DHCP Server I need to block it.
Also i want to use second DHCP server for another testing purpose
the second DHCP server configured machine has WAN access with first DHCP Server IP only, This second DHCP Server get Internet Access via Eth0 interface only.
Main thing i don't want to Change my config as untrusted interface for second dhcp server connected one.

pls find my Topology for reference,

paul driver · ‎01-28-2022

Hello

Most simplistic solution would to assign each subnet to its own vlan, then this would not happen.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Squozen_EU · ‎01-26-2022

Without properly understanding your reason for doing this, my first reaction would be to put the clients that need to talk to the second DHCP server on a different VLAN and point that VLAN's helper address to the second DHCP server (assuming that the DHCP server isn't on the broadcast domain - if it is, move it to the new VLAN as well).

You might also considering blacklisting MAC addresses on the relevant DHCP server?