Switch Recommendation to prevent "rogue" DHCP?

Discussion in 'Cisco' started by Steve Ames, May 11, 2005.

  1. Steve Ames

    Steve Ames Guest

    In my switch closets I have 2948-XL switches. Recently we've had a rash of
    people plugging devices into the network that act as DHCP servers. Naturally
    this causes all sorts of conflicts and has to be tracked down and stopped
    each time it occurs.

    I've been unable to find a solution to this problem using my 2948-XL
    switches (i.e. a way to only allow dhcp responses from our actual dhcp
    server)... so it looks like its time for replacements. Can anyone recommend
    a switch that supports this feature (cisco calls it DHCP snooping I think),
    48 ports+ 10/100 ports and VLAN capability (port + trunking). Bonus points
    if its not too pricey (obviously cost is a real issue or I wouldn't still be
    using 2948s).

    Many thanks in advance!

    -Steve
    Steve Ames, May 11, 2005
    #1
    1. Advertising

  2. Steve Ames

    Guest

    Steve Ames wrote:
    > In my switch closets I have 2948-XL switches. Recently we've had a

    rash of
    > people plugging devices into the network that act as DHCP servers.

    Naturally
    > this causes all sorts of conflicts and has to be tracked down and

    stopped
    > each time it occurs.
    >
    > I've been unable to find a solution to this problem using my 2948-XL
    > switches (i.e. a way to only allow dhcp responses from our actual

    dhcp
    > server)... so it looks like its time for replacements. Can anyone

    recommend
    > a switch that supports this feature (cisco calls it DHCP snooping I

    think),
    > 48 ports+ 10/100 ports and VLAN capability (port + trunking). Bonus

    points
    > if its not too pricey (obviously cost is a real issue or I wouldn't

    still be
    > using 2948s).
    >
    > Many thanks in advance!
    >
    > -Steve
    , May 11, 2005
    #2
    1. Advertising

  3. Hi,

    On Catalyst 2950 switches you should be able to setup IP Access-lists that
    filter DHCP messages on ports connected to desktops. The 2950 series is what
    replaced the 2900xl series switches. I'm not sure though if you need the
    enhanced feature set in order to configure these ip access-lists.

    Erik

    "Steve Ames" <> wrote in message
    news:newscache$rx4cgi$iye$-voodoo.com...
    > In my switch closets I have 2948-XL switches. Recently we've had a rash of
    > people plugging devices into the network that act as DHCP servers.
    > Naturally
    > this causes all sorts of conflicts and has to be tracked down and stopped
    > each time it occurs.
    >
    > I've been unable to find a solution to this problem using my 2948-XL
    > switches (i.e. a way to only allow dhcp responses from our actual dhcp
    > server)... so it looks like its time for replacements. Can anyone
    > recommend
    > a switch that supports this feature (cisco calls it DHCP snooping I
    > think),
    > 48 ports+ 10/100 ports and VLAN capability (port + trunking). Bonus points
    > if its not too pricey (obviously cost is a real issue or I wouldn't still
    > be
    > using 2948s).
    >
    > Many thanks in advance!
    >
    > -Steve
    >
    >
    Erik Tamminga, May 15, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. wr
    Replies:
    6
    Views:
    3,046
    Hansang Bae
    Sep 7, 2004
  2. mostro
    Replies:
    0
    Views:
    599
    mostro
    Sep 16, 2005
  3. dougga

    Rogue DHCP Lease... hacker?

    dougga, Nov 4, 2004, in forum: Computer Security
    Replies:
    19
    Views:
    4,916
    dougga
    Nov 13, 2004
  4. sam176
    Replies:
    0
    Views:
    1,103
    sam176
    Nov 22, 2006
  5. Replies:
    3
    Views:
    690
Loading...

Share This Page