Rogue DHCP Server
01-07-2014 09:52 PM
Create Date: Mar 26 2012 9:36AM
What is the best way to track down a rogue DHCP server in an Extreme switch environment? I've done it many times in a Cisco environment, by assigning a secondary IP to a router interface, pinging the bad default gateway, and then digging through the mac-address tables on each switch to find the connected port. The problem I'm having is that I can't successfully ping the gateway address from a host that received the bad IP assignment. As a result I cannot find the server. I believe that the server may be built into some automation software that one team runs, but I'm having a hard time verifying that.
Also, what is the syntax to enable DHCP snooping on an Extreme switch?
-NB
(from N_B)
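When the bad gateway will not answer pings, the offer itself still names the server that handed out the lease: option 54 (server identifier) in every DHCPOFFER/DHCPACK. The following is an added example, not code from the thread, that parses a captured DHCP reply and flags it when the server identifier is not in an allow-list of the real servers; the packet builder and the addresses in it are constructed sample input.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OFFER, ACK = 2, 5  # DHCP message types carried in option 53


def build_offer(yiaddr, server_id, router, xid=0x1234ABCD):
    """Build a DHCPOFFER (BOOTP reply + options); constructed sample input only."""
    ip = socket.inet_aton
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         2, 1, 6, 0, xid, 0, 0,            # op=BOOTREPLY, htype=Ethernet
                         bytes(4), ip(yiaddr), ip(server_id), bytes(4),
                         bytes.fromhex("aabbccddeeff").ljust(16, b"\0"),  # made-up client MAC
                         bytes(64), bytes(128))
    options = (b"\x35\x01" + bytes([OFFER])   # option 53: message type
               + b"\x36\x04" + ip(server_id)  # option 54: server identifier
               + b"\x03\x04" + ip(router)     # option 3: router (the bad gateway)
               + b"\xff")                     # option 255: end
    return header + MAGIC_COOKIE + options


def parse_dhcp(pkt):
    """Return the fields needed to attribute a lease: who offered it and what it pushes."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    fields = struct.unpack("!BBBBIHH4s4s4s4s16s", pkt[:44])
    op, yiaddr, siaddr = fields[0], fields[8], fields[9]
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:     # option 255 ends the list
        if pkt[i] == 0:                       # option 0 is a single pad byte
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    ntoa = socket.inet_ntoa
    return {"op": op,
            "msg_type": opts.get(53, b"\0")[0],
            "yiaddr": ntoa(yiaddr),
            # fall back to siaddr if the server omitted option 54
            "server_id": ntoa(opts[54]) if 54 in opts else ntoa(siaddr),
            "router": ntoa(opts[3]) if 3 in opts else None}


def classify(pkt, trusted_servers):
    """'trusted', 'rogue' or 'ignored' (not a server reply) for one captured packet."""
    info = parse_dhcp(pkt)
    if info["op"] != 2 or info["msg_type"] not in (OFFER, ACK):
        return "ignored", info
    return ("trusted" if info["server_id"] in trusted_servers else "rogue"), info


if __name__ == "__main__":
    print(classify(build_offer("10.20.30.40", "10.20.30.99", "10.20.30.99"), {"10.0.0.5"}))
```

The server identifier, together with the Ethernet source MAC of the same frame, is what to look up in the switch FDB tables to find the port; the frame's source MAC is outside the DHCP payload, so read it from the capture, not from this parser.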
4 REPLIES
03-18-2015 08:44 AM
You can also create an alarm in Netsight:
Add this section in trapd.conf and create the alarm.
EVENT extremeIpSecurityViolation .1.3.6.1.4.1.1916.1.34.1.0.1 "Status Alarms" Critical
FORMAT Rogue DHCP server on vlan $2
SDESC
"IP Security Violation"
EDESC
Johan Hendrik
System Architect
Audax
01-07-2014 09:52 PM
Create Date: Mar 26 2012 11:25AM
Once DHCP snooping and trusted server are enabled you can use the command show ip-security dhcp-snooping violations to see where the rogue DHCP packet was received.
(from Paul_Russo)
01-07-2014 09:52 PM
Create Date: Mar 26 2012 11:19AM
Configure a Trusted DHCP server and the switch will only forward packets from the Trusted server. Go through "DHCP Snooping and Trusted DHCP Server" in the concepts guide and that should help you.
Let me know if that works for you.
(from Arpit_Bhatt)
01-07-2014 09:52 PM
Create Date: Mar 26 2012 11:16AM
By default DHCP snooping is disabled on the switch. To enable DHCP snooping on the switch, use the following command:
enable ip-security dhcp-snooping {vlan} <vlan_name> ports [all | <port_list>] violation-action [drop-packet {[block-mac | block-port] [duration <duration_in_seconds> | permanently] | none]}] {snmp-trap}
(from Arpit_Bhatt)