configuring Cisco Router to preventing assigning DHCP address

Discussion in 'Cisco' started by Rami Rosen, Oct 11, 2004.

  1. Rami Rosen

    Rami Rosen Guest

    Hello,

    I have C820 cisco router. As part of it it has a DHCP server.
    I have some diskless station in my network.
    When this station is powered down and powered up, it gets
    an ip address from this CISCO DHCP server.

    I want to configure this Cisco Router so that it will not assign
    an IP address to that station.It should get it's IP from a different
    DHCP server on the LAN (I know of course the MAC address of that
    diskless station)

    regareds,
    rami
    Rami Rosen, Oct 11, 2004
    #1
    1. Advertising

  2. Rami Rosen

    Ben Guest

    Probably the simplest way is to apply a MAC access-list on the interface
    that allows everything except the MAC range of the diskless workstations.

    "Rami Rosen" <> wrote in message
    news:...
    > Hello,
    >
    > I have C820 cisco router. As part of it it has a DHCP server.
    > I have some diskless station in my network.
    > When this station is powered down and powered up, it gets
    > an ip address from this CISCO DHCP server.
    >
    > I want to configure this Cisco Router so that it will not assign
    > an IP address to that station.It should get it's IP from a different
    > DHCP server on the LAN (I know of course the MAC address of that
    > diskless station)
    >
    > regareds,
    > rami
    Ben, Oct 11, 2004
    #2
    1. Advertising

  3. Rami Rosen

    max Guest

    can You show any examples of access list to filter certain MAC adresses
    I was wondering about this lot of time
    thanks
    Max


    "Ben" <> wrote in message
    news:OQuad.22242$...
    > Probably the simplest way is to apply a MAC access-list on the interface
    > that allows everything except the MAC range of the diskless workstations.
    >
    > "Rami Rosen" <> wrote in message
    > news:...
    >> Hello,
    >>
    >> I have C820 cisco router. As part of it it has a DHCP server.
    >> I have some diskless station in my network.
    >> When this station is powered down and powered up, it gets
    >> an ip address from this CISCO DHCP server.
    >>
    >> I want to configure this Cisco Router so that it will not assign
    >> an IP address to that station.It should get it's IP from a different
    >> DHCP server on the LAN (I know of course the MAC address of that
    >> diskless station)
    >>
    >> regareds,
    >> rami

    >
    >
    max, Oct 11, 2004
    #3
  4. Rami Rosen

    mh Guest

    It is not clear that a MAC address filter will work.

    Blocking all traffic from the particular workstation is NOT what you
    want.

    You want to only block BOOTP packets ( which is what DHCP packets are
    carried in.

    You may be able to do this with extended MAC address filter where you
    configure that extended fields to match the offset and contents the
    MAC address of the workstation in the actual DHCP packet. You will
    probably need a packet trace to get the offset correct.
    mh, Oct 12, 2004
    #4
  5. Rami Rosen

    Rami Rosen Guest

    Hello,
    Thnks.

    > You want to only block BOOTP packets ( which is what DHCP packets are
    > carried in.)


    Absolutely right. Even more precise term wil be "ignore BOOTP packets"
    instead of "block BOOTP packets".

    > You may be able to do this with extended MAC address filter

    what is this extended MAC address filter?
    can you give some reference in Cisco docs?
    what is offset of a MAC address ?

    > You will probably need a packet trace to get the offset correct".


    is a sniffer (like Ethereal) is capable of doing it ?
    in case not - how can I get a packet trace?
    regards,
    rami




    (mh) wrote in message news:<>...
    > It is not clear that a MAC address filter will work.
    >
    > Blocking all traffic from the particular workstation is NOT what you
    > want.
    >
    > You want to only block BOOTP packets ( which is what DHCP packets are
    > carried in.
    >
    > You may be able to do this with extended MAC address filter where you
    > configure that extended fields to match the offset and contents the
    > MAC address of the workstation in the actual DHCP packet. You will
    > probably need a packet trace to get the offset correct.
    Rami Rosen, Oct 13, 2004
    #5
  6. Rami Rosen

    Ana Guest

    The simplest way:
    disable the dhcp server in the router
    --> no service dhcp
    Ana, Oct 13, 2004
    #6
  7. Rami Rosen

    mh Guest

    Look up RFC 1541, it will show the format of a DHCP packet

    Then use Etherreal trace to figure out offset of client hardware
    address (MAC address) in DHCP packet
    mh, Oct 14, 2004
    #7
  8. Rami Rosen

    Rami Rosen Guest

    THnks,
    This is not applicable , however; I want to avoid only one
    specific station from getting DHCP address from the server ; since there are other
    DHCP clients which shoud get IP addresses from that CISCO router this
    will not solve the problem.

    regards
    rami

    (Ana) wrote in message news:<>...
    > The simplest way:
    > disable the dhcp server in the router
    > --> no service dhcp
    Rami Rosen, Oct 17, 2004
    #8
  9. A ha - sounds like you're looking for the "ip dhcp excluded-address"
    command then.

    Aaron

    ---

    ~ THnks,
    ~ This is not applicable , however; I want to avoid only one
    ~ specific station from getting DHCP address from the server ; since there are other
    ~ DHCP clients which shoud get IP addresses from that CISCO router this
    ~ will not solve the problem.
    ~
    ~ regards
    ~ rami
    ~
    ~ (Ana) wrote in message news:<>...
    ~ > The simplest way:
    ~ > disable the dhcp server in the router
    ~ > --> no service dhcp
    Aaron Leonard, Oct 18, 2004
    #9
  10. Sorry, "ip dhcp excluded-address" was a dumb suggestion - you're
    looking to block a given client from getting an address from the
    DHCP server by *MAC* address I assume.

    Can you tell me what exactly is the goal here ... is the idea that
    this particular client is supposed to get its address from a
    DIFFERENT DHCP server? Or do you just want to keep this client
    from accessing the network in general?

    Aaron

    ---

    ~ A ha - sounds like you're looking for the "ip dhcp excluded-address"
    ~ command then.
    ~
    ~ Aaron
    ~
    ~ ---
    ~
    ~ ~ THnks,
    ~ ~ This is not applicable , however; I want to avoid only one
    ~ ~ specific station from getting DHCP address from the server ; since there are other
    ~ ~ DHCP clients which shoud get IP addresses from that CISCO router this
    ~ ~ will not solve the problem.
    ~ ~
    ~ ~ regards
    ~ ~ rami
    ~ ~
    ~ ~ (Ana) wrote in message news:<>...
    ~ ~ > The simplest way:
    ~ ~ > disable the dhcp server in the router
    ~ ~ > --> no service dhcp
    Aaron Leonard, Oct 19, 2004
    #10
  11. Rami Rosen

    Rami Rosen Guest

    Thanks Aaron,

    Well this particular client is supposed to get its address from a
    DIFFERENT DHCP server,and this client should have access to the
    network in general.

    Currently what I do is stop the CISCO DHCP server, and start my client
    box, so
    that it will not get IP from the CISCO DHCP server. I do not date to
    think of
    such a solution when deploying it at a customer site..

    I know that this also can be done at the client side: but we are not
    devloping the client side ...
    (To be more accurate : we are developing some app which works with a
    hw device (the client we talk about ) which we get from a company we
    are working with; this box sends bootp request after
    reboot. The Cisco router answers with boot reply and afterwards gives
    it the address, and I want to avoid this. This box is not
    sophosticated enough to reject the address the Cisco DHCP Server
    assigns).


    regards,
    rami

    Aaron Leonard <> wrote in message news:<>...
    > Sorry, "ip dhcp excluded-address" was a dumb suggestion - you're
    > looking to block a given client from getting an address from the
    > DHCP server by *MAC* address I assume.
    >
    > Can you tell me what exactly is the goal here ... is the idea that
    > this particular client is supposed to get its address from a
    > DIFFERENT DHCP server? Or do you just want to keep this client
    > from accessing the network in general?
    >
    > Aaron
    >
    > ---
    >
    > ~ A ha - sounds like you're looking for the "ip dhcp excluded-address"
    > ~ command then.
    > ~
    > ~ Aaron
    > ~
    > ~ ---
    > ~
    > ~ ~ THnks,
    > ~ ~ This is not applicable , however; I want to avoid only one
    > ~ ~ specific station from getting DHCP address from the server ; since there are other
    > ~ ~ DHCP clients which shoud get IP addresses from that CISCO router this
    > ~ ~ will not solve the problem.
    > ~ ~
    > ~ ~ regards
    > ~ ~ rami
    > ~ ~
    > ~ ~ (Ana) wrote in message news:<>...
    > ~ ~ > The simplest way:
    > ~ ~ > disable the dhcp server in the router
    > ~ ~ > --> no service dhcp
    Rami Rosen, Oct 22, 2004
    #11
  12. OK ... I pondered this for awhile, and the only thing I could come
    up with is this:

    You could configure a layer 2 filter on the router to block
    incoming BOOTPC packets from this one client's MAC address.
    You can't configure a layer 2 filter on a routed interface
    however, so to do this you'd need to configure IRB and put
    the layer 2 filter on the LAN interface's bridge group.

    Aaron

    ---

    ~ Thanks Aaron,
    ~
    ~ Well this particular client is supposed to get its address from a
    ~ DIFFERENT DHCP server,and this client should have access to the
    ~ network in general.
    ~
    ~ Currently what I do is stop the CISCO DHCP server, and start my client
    ~ box, so
    ~ that it will not get IP from the CISCO DHCP server. I do not date to
    ~ think of
    ~ such a solution when deploying it at a customer site..
    ~
    ~ I know that this also can be done at the client side: but we are not
    ~ devloping the client side ...
    ~ (To be more accurate : we are developing some app which works with a
    ~ hw device (the client we talk about ) which we get from a company we
    ~ are working with; this box sends bootp request after
    ~ reboot. The Cisco router answers with boot reply and afterwards gives
    ~ it the address, and I want to avoid this. This box is not
    ~ sophosticated enough to reject the address the Cisco DHCP Server
    ~ assigns).
    ~
    ~
    ~ regards,
    ~ rami
    ~
    ~ Aaron Leonard <> wrote in message news:<>...
    ~ > Sorry, "ip dhcp excluded-address" was a dumb suggestion - you're
    ~ > looking to block a given client from getting an address from the
    ~ > DHCP server by *MAC* address I assume.
    ~ >
    ~ > Can you tell me what exactly is the goal here ... is the idea that
    ~ > this particular client is supposed to get its address from a
    ~ > DIFFERENT DHCP server? Or do you just want to keep this client
    ~ > from accessing the network in general?
    ~ >
    ~ > Aaron
    ~ >
    ~ > ---
    ~ >
    ~ > ~ A ha - sounds like you're looking for the "ip dhcp excluded-address"
    ~ > ~ command then.
    ~ > ~
    ~ > ~ Aaron
    ~ > ~
    ~ > ~ ---
    ~ > ~
    ~ > ~ ~ THnks,
    ~ > ~ ~ This is not applicable , however; I want to avoid only one
    ~ > ~ ~ specific station from getting DHCP address from the server ; since there are other
    ~ > ~ ~ DHCP clients which shoud get IP addresses from that CISCO router this
    ~ > ~ ~ will not solve the problem.
    ~ > ~ ~
    ~ > ~ ~ regards
    ~ > ~ ~ rami
    ~ > ~ ~
    ~ > ~ ~ (Ana) wrote in message news:<>...
    ~ > ~ ~ > The simplest way:
    ~ > ~ ~ > disable the dhcp server in the router
    ~ > ~ ~ > --> no service dhcp
    Aaron Leonard, Oct 22, 2004
    #12
  13. hw device (the client we talk about ) which we get from a company we ~ are
    > working with; this box sends bootp request after ~ reboot. The Cisco
    > router answers with boot reply and afterwards gives ~ it the address, and
    > I want to avoid this. This box is not ~ sophosticated enough to reject the
    > address the Cisco DHCP Server ~ assigns).


    If this box is really sending a bootp request, see if you have the "ip
    dhcp bootp ignore" command on the router. It does what it says. CCO is
    giving a 404 error at the moment so I can't see where it first appeared.

    --
    Rgds,
    Martin
    Martin Gallagher, Oct 23, 2004
    #13
  14. Rami Rosen

    mh Guest

    this feature was introduced in 12.2(8)T
    mh, Oct 24, 2004
    #14
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?SGVpbkQ=?=

    Wireless DHCP clients cannot obtain an IP address from the DHCP se

    =?Utf-8?B?SGVpbkQ=?=, Jan 8, 2006, in forum: Wireless Networking
    Replies:
    0
    Views:
    2,811
    =?Utf-8?B?SGVpbkQ=?=
    Jan 8, 2006
  2. Vinny Abello
    Replies:
    0
    Views:
    654
    Vinny Abello
    Dec 6, 2003
  3. =?Utf-8?B?RlJBTlo=?=

    ASSIGNING A STATIC IP ADDRESS IN A DHCP NETWORK

    =?Utf-8?B?RlJBTlo=?=, Apr 15, 2004, in forum: MCSE
    Replies:
    8
    Views:
    17,596
    pittspeed
    Apr 16, 2004
  4. =?Utf-8?B?Qm9ubmllLg==?=

    Assigning Invalid IP address???

    =?Utf-8?B?Qm9ubmllLg==?=, Jan 25, 2007, in forum: Wireless Networking
    Replies:
    7
    Views:
    679
    Brigadier
    Jan 28, 2007
  5. cowboyz

    DHCP assigning IP to others.

    cowboyz, Jan 4, 2004, in forum: NZ Computing
    Replies:
    22
    Views:
    688
    Lawrence D'Oliveiro
    Jan 7, 2004
Loading...

Share This Page