prevent unauthorized dhcp

If I use switch policies to deny source UDP port 67 except for the official DHCP server port, no unauthorized DHCP servers should be able to run in my network, right?

regards bernd

bsch13

Technically, you can't run a DHCP server without IP helpers on the separate subnets. Otherwise a DHCP server will only work on the local subnet. So I'm not really sure this is a big concern. If someone does turn up a Linksys or something, it would work, and there is really no way to tell because it will probably NAT what is behind it. If they turn it up and it is giving out addresses in your actual layer 2 VLAN, those folks won't be able to get off the local subnet unless the DHCP server is giving out valid addresses that match your layer 3 config.

Trendkill

Check out the DHCP snooping feature on your switches.


Merv

Thanks for your answers. We have Enterasys switches; is there any other feature like Cisco snooping? We have only one DHCP server for multiple subnets, with IP helper configured, and want to prevent unauthorized DHCP servers with a VLAN policy: deny UDP 67 source (except the right DHCP server, of course).

bsch13
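The "deny UDP 67 source except the right DHCP server" rule discussed in this thread, written out as a monitoring check; this is an added example, not part of the original posts and not Enterasys or Cisco configuration. All addresses and names are assumptions constructed for illustration. Because replies forwarded by an IP helper also leave the relay interface from source port 67, the relay address has to be allowed as well.

```python
import ipaddress

# Assumed addresses, constructed for this example (not from the thread).
AUTHORIZED_SERVERS = {"10.0.0.10"}   # the one official DHCP server
AUTHORIZED_RELAYS = {"10.0.20.1"}    # router interface with ip helper configured
MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie (RFC 2131)

def parse_options(payload):
    """Return {code: value} for the DHCP options, or None if not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                            # 0 = pad option
            i += 1
            continue
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def classify(src_ip, src_port, payload):
    """Return 'ignore', 'ok' or 'rogue' for one UDP datagram."""
    if src_port != 67 or not payload or payload[0] != 2:  # op 2 = BOOTREPLY
        return "ignore"                                   # not a server reply
    opts = parse_options(payload)
    sid = (opts or {}).get(54, b"")                       # option 54 = server identifier
    server_id = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else None
    sender_ok = src_ip in AUTHORIZED_SERVERS | AUTHORIZED_RELAYS
    return "ok" if sender_ok and server_id in AUTHORIZED_SERVERS else "rogue"

def make_packet(op, msg_type, server_id):
    """Constructed sample payload: 236-byte BOOTP header plus options 53/54."""
    header = bytes([op, 1, 6, 0]) + bytes(232)
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_id).packed
    return header + MAGIC + opts + b"\xff"

# Constructed capture: (source IP, source UDP port, UDP payload)
SAMPLE = [
    ("0.0.0.0", 68, make_packet(1, 1, "0.0.0.0")),        # client request
    ("10.0.0.10", 67, make_packet(2, 2, "10.0.0.10")),    # official server OFFER
    ("10.0.20.1", 67, make_packet(2, 5, "10.0.0.10")),    # ACK forwarded by relay
    ("10.0.20.77", 67, make_packet(2, 2, "10.0.20.77")),  # unauthorized OFFER
]

if __name__ == "__main__":
    for ip, port, data in SAMPLE:
        print(f"{ip:<12} {classify(ip, port, data)}")
```

Checking the server identifier in addition to the sender address means a reply that arrives from an allowed relay but names a different server is still flagged.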
