1. Home
  2. Cisco Systems
  3. How to block issuing a dhcp ip to a perticular host

How to block issuing a dhcp ip to a perticular host

I have a 1841 cisco router as a dhcp server with 2 address pools namely abc & xyz

ip dhcp pool abc network 10.20.4.0 255.255.255.0 default router 10.20.4.1

ip dhcp pool xyz network 192.50.201.0 255.255.255.0 default router 192.50.201.1

Router is connected to a cisco 2960 switch. It has 2 vlans associated with the 2 address pools.

I have a manual binding to server.

ip dhcp pool serv host 10.20.40.5 client-identifier xxx.xxx.xxxx.xx

when i connect the server to a switch port which is associated with the abc pool it gets the correct manally binded ip.

when i connect it to a switch port which is associated with the xyz pool, it get an ip from that pool. But i want the router to assign only the binded ip when connected to a port associated with the abc pool. If the server is connected to the other vlan port, then it shoul not get an ip.

How can i do this. Please help

Reply to
mgpprasa
Loading thread data ...

Can you setup a static reservation based on mac, and then give it a non-valid IP? I don't know of any way to do it other than. Technically any port in xyz should be able to issue a dhcp request and get an IP, so you can't block by port or access-list, and you can't disable the ip-helper or this would break everything. Therefore, your only course of action is on the dhcp service itself, and by MAC- address which is the only thing the originating station uses to identify itself for static entries.

Reply to
Trendkill

Why not commit the server to a specific port associated with VLAN abc, and specify the MAC address of the server with the port security command?

e.g.: interface FastEthernet0/3 description Server switchport access vlan switchport mode access switchport nonegotiate switchport port-security switchport port-security violation restrict switchport port-security mac-address aaaa.bbbb.cccc

If the MAC of the server is associated with a specific port, which is associated with a specific VLAN (abc), would that not prevent the server from accessing the DHCP server via any other port, including VLAN xyz ports?

Best Regards, News Reader

Reply to
News Reader

Agreed on this solution. I didn't think it would be an option else keeping the server on the same port/vlan would work fine without the mac security, but this would solve the problem.

Reply to
Trendkill

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.