https://community.extremenetworks.com/t5/extremeswitching-exos-switch/rogue-dhcp-server/m-p/23617#M2361 You can also create an alarm in Netsight:<BR /> <BR /> Add this section in trapd.conf and create the alarm.<BR /> <BR /> EVENT extremeIpSecurityViolation .1.3.6.1.4.1.1916.1.34.1.0.1 "Status Alarms" Critical<BR /> <BR /> FORMAT Rogue DHCP server on vlan $2<BR /> <BR /> SDESC<BR /> <BR /> "IP Security Violation"<BR /> <BR /> EDESC<BR /> <BR /> Wed, 18 Mar 2015 15:44:00 GMT JohanHendrikx 2015-03-18T15:44:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/rogue-dhcp-server/m-p/23613#M2357 Create Date: Mar 26 2012 9:36AM<BR /> <BR /> What is the best way to track down a rogue DHCP server in an Extreme switch environment. I've done it many times in a Cisco environment, but assigning a secondary IP to a router interface, pinging the bad default gateway, and then digging through the mac-address tables on each switch to find the connected port. The problem I'm having is that I can't successfully ping the gateway address from a host that recieved the bad IP assigment. As a result I cannot find the server. I believe that the server may be built into some automation software that one team runs, but I'm having a hard time verifying that. <BR /> <BR /> Also, what is the syntax to enable DHCP snooping on an extreme switch?<BR /> <BR /> -NB<BR /> <BR /> (from N_B) Wed, 08 Jan 2014 05:52:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/rogue-dhcp-server/m-p/23613#M2357 EtherNation_Use 2014-01-08T05:52:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/rogue-dhcp-server/m-p/23614#M2358 Create Date: Mar 26 2012 11:16AM<BR /> <BR /> By default DHCP snooping is disabled on the switch. To enable DHCP snooping on the switch, use the<BR /> <BR /> following command: enable ip-security dhcp-snooping {vlan} <VLAN_NAME> ports [all | ] violationaction[drop-packet {[block-mac | block-port] [duration <DURATION_IN_SECONDS> |permanently] | none]}] {snmp-trap} (from Arpit_Bhatt)</DURATION_IN_SECONDS></VLAN_NAME> Wed, 08 Jan 2014 05:52:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/rogue-dhcp-server/m-p/23614#M2358 EtherNation_Use 2014-01-08T05:52:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/rogue-dhcp-server/m-p/23615#M2359 Create Date: Mar 26 2012 11:19AM<BR /> <BR /> Configure a Trusted DHCP server and the switch will only forward packets from the Trusted server. Go through "DHCP Snooping and Trusted DHCP Server" in the concepts guide and that should help you.<BR /> <BR /> <BR /> <BR /> Let me know if that works for you.<BR /> <BR /> (from Arpit_Bhatt) Wed, 08 Jan 2014 05:52:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/rogue-dhcp-server/m-p/23615#M2359 EtherNation_Use 2014-01-08T05:52:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/rogue-dhcp-server/m-p/23616#M2360 Create Date: Mar 26 2012 11:25AM<BR /> <BR /> Once DHCP snooping and trusted server are enabled you can use the command show ip-security dhcp-snooping violations to see where the rogue DHCP packet was received.<BR /> <BR /> (from Paul_Russo) Wed, 08 Jan 2014 05:52:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/rogue-dhcp-server/m-p/23616#M2360 EtherNation_Use 2014-01-08T05:52:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/rogue-dhcp-server/m-p/23617#M2361 You can also create an alarm in Netsight:<BR /> <BR /> Add this section in trapd.conf and create the alarm.<BR /> <BR /> EVENT extremeIpSecurityViolation .1.3.6.1.4.1.1916.1.34.1.0.1 "Status Alarms" Critical<BR /> <BR /> FORMAT Rogue DHCP server on vlan $2<BR /> <BR /> SDESC<BR /> <BR /> "IP Security Violation"<BR /> <BR /> EDESC<BR /> <BR /> Wed, 18 Mar 2015 15:44:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/rogue-dhcp-server/m-p/23617#M2361 JohanHendrikx 2015-03-18T15:44:00Z