EXOS how to add dhcp security to many vlans?

Keith9
Contributor III

I have a 5-stack 5520 switch with multiple VLANs on it. I'm trying to program in the trusted DHCP servers for the VLANs.

Here are the commands I'm pasting in:

configure trusted-ports 1:57 trust-for dhcp-server
configure trusted-servers vlan Default add server 10.1.1.1 trust-for dhcp-server
configure trusted-servers vlan VOICE add server 10.1.1.1 trust-for dhcp-server
configure trusted-servers vlan VL2 add server 10.1.1.1 trust-for dhcp-server
configure trusted-servers vlan VL3 add server 10.1.1.1 trust-for dhcp-server
configure trusted-servers vlan VL5 add server 10.1.1.1 trust-for dhcp-server
configure trusted-servers vlan VL6 add server 10.1.1.1 trust-for dhcp-server
configure trusted-servers vlan VL7 add server 10.1.1.1 trust-for dhcp-server
configure trusted-servers vlan VL8 add server 10.1.1.1 trust-for dhcp-server
configure trusted-servers vlan Default add server 10.1.1.2 trust-for dhcp-server
configure trusted-servers vlan VOICE add server 10.1.1.2 trust-for dhcp-server
configure trusted-servers vlan VL2 add server 10.1.1.2 trust-for dhcp-server
configure trusted-servers vlan VL3 add server 10.1.1.2 trust-for dhcp-server
configure trusted-servers vlan VL5 add server 10.1.1.2 trust-for dhcp-server
configure trusted-servers vlan VL6 add server 10.1.1.2 trust-for dhcp-server
configure trusted-servers vlan VL7 add server 10.1.1.2 trust-for dhcp-server
configure trusted-servers vlan VL8 add server 10.1.1.2 trust-for dhcp-server

But after I get to the first 10.1.1.2 IP address above, I get this after the rest of the commands:

Error: No more than 8 trusted DHCP servers can be configured across all vlans.

It's only 2 DHCP servers. 10.1.1.1 and 10.1.1.2 run the Windows Server DHCP clustering service, so I have to put both IPs in for failover reasons.

What I am initially trying to do is ensure no rogue DHCP servers can be put on the network.


The uplink port is 1:57 (parent of an LACP load-sharing link 1:57,2:57,4:57,5:57 to both X690 core stacks running MLAG over those sharing ports).

The servers are all plugged directly into the core switches, so I can basically trust anything on the core switches, if that matters. Nothing in the core switch is plugged into any employee-accessible wall jack. That's only in the data room.

Is there another way about doing this?

10 REPLIES

Keith9
Contributor III

I may be overthinking it…

Could I just do this instead?

configure trusted-ports 1:57 trust-for dhcp-server

Like I said, that is the parent port of an LACP sharing group of 4 ports to the core. Everything on the core is trusted.

If that's the case, how do I remove what the switch took so far:

sh configuration | i trusted
configure trusted-ports 1:57 trust-for dhcp-server
configure trusted-servers vlan Default add server 10.1.1.1 trust-for dhcp-server
configure trusted-servers vlan VL2 add server 10.1.1.1 trust-for dhcp-server
configure trusted-servers vlan VL3 add server 10.1.1.1 trust-for dhcp-server
configure trusted-servers vlan VL5 add server 10.1.1.1 trust-for dhcp-server
configure trusted-servers vlan VL6 add server 10.1.1.1 trust-for dhcp-server
configure trusted-servers vlan VL7 add server 10.1.1.1 trust-for dhcp-server
configure trusted-servers vlan VL8 add server 10.1.1.1 trust-for dhcp-server
configure trusted-servers vlan VOICE add server 10.1.1.1 trust-for dhcp-server

I tried unconfigure or delete; nothing in tab completion looks like it would do the trick?
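The two posts above illustrate the same problem from both ends: pasting one trusted-server entry per VLAN per DHCP server consumes 8 VLANs x 2 servers = 16 entries against a platform limit of 8, and the entries the switch did accept then have to be backed out. The script below is an added example written for this page; it is not code from the thread, from Extreme, or from EXOS itself. It counts the (VLAN, server) pairs a paste would create before anything is sent to the switch, emits either the per-VLAN lines or the single trusted-port line for the uplink when the limit would be exceeded, and prints the matching rollback. The VLAN names, server addresses and port 1:57 are taken from the post. The `delete server` and `unconfigure trusted-ports` forms are my recollection of the EXOS syntax and are assumptions to confirm with `?` on the switch before pasting.

```shell
#!/bin/sh
# Added example, not from the thread: pre-check and generate EXOS DHCP trust
# configuration so the "no more than 8 trusted DHCP servers across all vlans"
# error is caught before the paste, and produce the rollback for what was
# already accepted.

TRUSTED_LIMIT=8   # limit quoted in the switch error message in the thread

# Constructed from the post: VLAN names, the two clustered DHCP servers, uplink port.
VLANS="Default VOICE VL2 VL3 VL5 VL6 VL7 VL8"
SERVERS="10.1.1.1 10.1.1.2"
UPLINK="1:57"

# One "configure trusted-servers ... add server ..." line per (vlan, server) pair.
gen_trusted_servers() {
    vlans=$1; servers=$2
    for s in $servers; do
        for v in $vlans; do
            printf 'configure trusted-servers vlan %s add server %s trust-for dhcp-server\n' "$v" "$s"
        done
    done
}

# Number of trusted-server entries the paste would create (vlans x servers).
count_trusted_entries() {
    nv=0; for v in $1; do nv=$((nv + 1)); done
    ns=0; for s in $2; do ns=$((ns + 1)); done
    echo $((nv * ns))
}

# Exit status 0 if the paste fits within the limit, 1 if the switch would reject it.
check_trusted_limit() {
    n=$(count_trusted_entries "$1" "$2")
    [ "$n" -le "$TRUSTED_LIMIT" ]
}

# Alternative that consumes no per-VLAN entries: trust the uplink port itself.
gen_trusted_port() {
    printf 'configure trusted-ports %s trust-for dhcp-server\n' "$1"
}

# Rollback for entries the switch already accepted. ASSUMPTION: "delete server"
# and "unconfigure trusted-ports" are the EXOS removal forms; verify on the box.
gen_rollback() {
    vlans=$1; servers=$2
    for s in $servers; do
        for v in $vlans; do
            printf 'configure trusted-servers vlan %s delete server %s trust-for dhcp-server\n' "$v" "$s"
        done
    done
    printf 'unconfigure trusted-ports %s trust-for dhcp-server\n' "$UPLINK"
}

main() {
    if check_trusted_limit "$VLANS" "$SERVERS"; then
        gen_trusted_servers "$VLANS" "$SERVERS"
    else
        n=$(count_trusted_entries "$VLANS" "$SERVERS")
        echo "# $n trusted-server entries exceed the limit of $TRUSTED_LIMIT; trusting the uplink port instead:" >&2
        gen_trusted_port "$UPLINK"
    fi
}

main "$@"
```

Run it and paste the stdout into the switch; with the eight VLANs and two servers from the post it prints the warning on stderr and the single `configure trusted-ports 1:57 trust-for dhcp-server` line. `gen_rollback "Default VOICE VL2 VL3 VL5 VL6 VL7 VL8" "10.1.1.1"` prints the removal lines for exactly the eight entries shown in the `sh configuration | i trusted` output.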
