Extreme Networks

Filtering DHCP with access lists


Create Date: Mar 15 2012 4:10AM

Hi folks,

Is it possible to filter out unwanted DHCP servers in a VLAN with an access list?

And if yes, maybe someone has a sample policy file 😉

(from schnuffel_duffel)

4 replies

Create Date: Mar 15 2012 4:29AM

If the intent is to stop rogue DHCP from giving out addresses then yes but you do not need an ACL. We have trusted DHCP which allows you to specify where the server is at and filters out unwanted DHCP.

For example, on a 24 port switch where the uplink to the core is off of port 24 you would set up trusted DHCP telling that the only legitimate server is off port 24. If there is another server plugged into port 1 then those DHCP packets would be dropped.

Hope that helps

P (from Paul_Russo)

Create Date: Mar 15 2012 5:08AM

Many thanks for this information about DHCP Snooping and Trusted DHCP Server.

In my test it works great.

Now I am wondering how to manage the same requirement on the old ExtremeWare. Do you have a solution for this too?

(from schnuffel_duffel)

Create Date: Mar 15 2012 5:51AM

EW is a lot different. We do not support trusted DHCP server so the only way I know we can do it is to create an ACL for all user ports blocking UDP port 68 which should be the response from a DHCP server.

Hope that helps. Let us know if that works for you.

P (from Paul_Russo)

Create Date: Mar 15 2012 5:56AM

Note that the DHCP offer has port 68 as the destination port so when creating the ACL you need the destination port udp 68 set.

P (from Paul_Russo)
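
The filtering decision discussed in this thread, modeled in Python as an added example (not code from the posters or from Extreme Networks, and not switch configuration): UDP traffic to destination port 68 is forwarded only when it arrives on a trusted port, with port 24 as the uplink as in the example above. The function names, the set-based port model and the sample datagrams are constructed for illustration.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie (RFC 2131)
SERVER_MSGS = {2: "OFFER", 5: "ACK", 6: "NAK"}   # DHCP message types only a server sends

def make_dhcp(sport, dport, op, msg_type):
    """Build a constructed UDP datagram holding a minimal DHCP message."""
    bootp = bytes([op, 1, 6, 0]) + bytes(232)    # 236-byte fixed BOOTP header
    payload = bootp + MAGIC + bytes([53, 1, msg_type, 255])
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def dhcp_msg_type(udp):
    """Return the value of DHCP option 53, or None if absent or not DHCP."""
    payload = udp[8:]
    if payload[236:240] != MAGIC:
        return None
    opts, i = payload[240:], 0
    while i < len(opts) and opts[i] != 255:      # 255 = end option
        if opts[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(opts):
            break                                # truncated option header
        code, length = opts[i], opts[i + 1]
        if code == 53 and length == 1 and i + 2 < len(opts):
            return opts[i + 2]
        i += 2 + length
    return None

def decide(ingress_port, udp, trusted_ports):
    """Return (action, detail) for a UDP datagram received on ingress_port."""
    if len(udp) < 8:
        return ("forward", "not a complete UDP header")
    dport = struct.unpack("!H", udp[2:4])[0]
    if dport != 68:                              # ACL match: UDP destination port 68
        return ("forward", "not addressed to a DHCP client")
    if ingress_port in trusted_ports:
        return ("forward", "server reply from trusted port")
    name = SERVER_MSGS.get(dhcp_msg_type(udp), "unparsed")
    return ("drop", f"server-side DHCP ({name}) on untrusted port {ingress_port}")

if __name__ == "__main__":
    trusted = {24}                               # uplink port from the thread's example
    samples = [(1, make_dhcp(68, 67, 1, 1)),     # client DISCOVER on a user port
               (24, make_dhcp(67, 68, 2, 2)),    # OFFER arriving from the uplink
               (1, make_dhcp(67, 68, 2, 2))]     # OFFER from a server on port 1
    for port, pkt in samples:
        print(port, decide(port, pkt, trusted))
```

Client requests go to destination port 67, so they pass on user ports while OFFER, ACK and NAK messages from a server on those ports are dropped.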
