If I use switch policies to deny source UDP port 67 except for the official DHCP server port, no unauthorized DHCP servers should run in my network, right?
Regards, Bernd
Technically, you can't run a DHCP server without IP helpers on the separate subnets. Otherwise a DHCP server will only work on the local subnet. So I'm not really sure this is a big concern. If someone does turn up a Linksys or something, it would work, and there is really no way to tell because it will probably NAT what is behind it. If they turn it up and it is giving addresses in your actual layer 2 VLAN, those folks won't be able to get off the local subnet unless the DHCP server is giving out valid addresses that match your layer 3 config.
Check out the DHCP snooping feature on your switches.
Thanks for your answers. We have Enterasys switches; is there any other feature like Cisco snooping? We have only one DHCP server for several subnets with IP helper configured and want to prevent unauthorized DHCP servers with a VLAN policy: deny udp 67 source (except the right DHCP server, of course).
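The rule discussed in this thread (drop UDP source port 67 unless the frame enters on a trusted switch port), modelled as an added example that is not part of any post above and is not Enterasys or Cisco configuration. The port names, the `TRUSTED` set and the sample datagrams are constructed assumptions.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"   # cookie that follows the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def build_datagram(src_port, dst_port, op=None, msg_type=None):
    """Constructed test input: a UDP datagram, optionally carrying a minimal DHCP message."""
    payload = b"not-dhcp"
    if op is not None:
        payload = bytes([op, 1, 6, 0]) + bytes(232) + DHCP_MAGIC + bytes([53, 1, msg_type, 255])
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload

def dhcp_type(payload):
    """Return the DHCP message type name (option 53), or None if this is not DHCP."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        return None
    opts, i = payload[240:], 0
    while i < len(opts) and opts[i] != 255:    # 255 = end option
        if opts[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(opts):
            break                               # truncated option header
        code, length = opts[i], opts[i + 1]
        if code == 53 and length == 1 and i + 2 < len(opts):
            return MSG_TYPES.get(opts[i + 2], "OTHER")
        i += 2 + length
    return None

def evaluate(ingress_port, datagram, trusted_ports):
    """Drop UDP source port 67 unless the ingress switch port is trusted."""
    if len(datagram) < 8:
        raise ValueError("datagram shorter than a UDP header")
    src_port = struct.unpack("!H", datagram[:2])[0]
    if src_port != 67 or ingress_port in trusted_ports:
        return "forward", None
    kind = dhcp_type(datagram[8:]) or "non-DHCP"
    return "drop", f"UDP src 67 on untrusted port ({kind})"

TRUSTED = {"port1"}  # hypothetical: switch port of the official DHCP server
SAMPLES = [          # constructed (ingress port, datagram) pairs
    ("port1", build_datagram(67, 68, op=2, msg_type=2)),  # OFFER from the real server
    ("port7", build_datagram(67, 68, op=2, msg_type=2)),  # OFFER from an unknown device
    ("port7", build_datagram(68, 67, op=1, msg_type=1)),  # ordinary client DISCOVER
]

if __name__ == "__main__":
    for port, dgram in SAMPLES:
        print(port, *evaluate(port, dgram, TRUSTED))
```

Replies relayed through an IP helper normally also carry UDP source port 67, so under this model the router-facing port would have to be in the trusted set as well.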