Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Cisco DHCP Server - Problem & Answer

Cisco DHCP Server - Problem & Answer 6 years 9 months ago #33748

  • apit
  • apit's Avatar
  • Offline
  • Senior Member
  • Posts: 227
  • Karma: 0
Hi..
Currently i'm using Cisco distribution switch to distribute IP's to all pc's. The configuration attached below :
ip dhcp excluded-address 172.21.10.1 172.21.10.50
ip dhcp excluded-address 172.21.10.240 172.21.10.254

!
ip dhcp pool 10
network 172.21.10.0 255.255.255.0
default-router 172.21.10.254
dns-server 172.21.1.100
netbios-name-server 172.21.1.101
lease 30
!

When issuing command "sh ip dhcp binding" the output shown :
172.21.10.2 0100.13d3.3bc4.71 Mar 25 2010 06:56 AM Automatic
172.21.10.51 0100.14c2.c572.7a Mar 25 2010 07:26 AM Automatic
172.21.10.52 0100.237d.b70f.36 Mar 25 2010 07:28 AM Automatic
172.21.10.53 0014.38e5.c7fa Infinite Automatic
172.21.10.54 0100.2100.03d6.3f Mar 25 2010 07:31 AM Automatic
172.21.10.55 0100.14c2.cc74.03 Mar 25 2010 07:42 AM Automatic

My questions :

1- Why pc that using ip 172.21.10.53 lease time is infinite? Refer to the configuration, the lease time is set to 30 days only.

2- The default-router ip is 172.21.10.254. One of the user have set this ip manually to his pc. How to prevent it?

tq
The administrator has disabled public write access.

Re: Cisco DHCP Server - Problem & Answer 6 years 9 months ago #33775

  • krik
  • krik's Avatar
  • Offline
  • Frequent Member
  • Posts: 69
  • Karma: 0
1) Probably one of your client is using BOOTP instead of DHCP. I may disreagard BOOTP by issuing the following command "ip dhcp bootp ignore" but then the client won't get an IP anymore...

2) I don't know any way to prevent someone to "steal" an IP excepted by company policy, disabling access to network settings, (fire the employee for the example :wink: )...
Christophe Lemaire
www.exp-networks.be/blog/
The administrator has disabled public write access.

Re: Cisco DHCP Server - Problem & Answer 6 years 9 months ago #33778

  • apit
  • apit's Avatar
  • Offline
  • Senior Member
  • Posts: 227
  • Karma: 0
1) Probably one of your client is using BOOTP instead of DHCP. I may disreagard BOOTP by issuing the following command "ip dhcp bootp ignore" but then the client won't get an IP anymore...

2) I don't know any way to prevent someone to "steal" an IP excepted by company policy, disabling access to network settings, (fire the employee for the example :wink: )...

1- How did the client is using BOOTP ? Is it been done at switch or client side?

2- He3...fire the employee is the best solution
The administrator has disabled public write access.

Re: Cisco DHCP Server - Problem & Answer 6 years 9 months ago #33793

  • krik
  • krik's Avatar
  • Offline
  • Frequent Member
  • Posts: 69
  • Karma: 0
1- How did the client is using BOOTP ? Is it been done at switch or client side?

The client choose the protocol it wants to use. Maybe an old server?
2- He3...fire the employee is the best solution
You could also kill him but it is less legal... ;-)
Christophe Lemaire
www.exp-networks.be/blog/
The administrator has disabled public write access.

Re: Cisco DHCP Server - Problem & Answer 6 years 9 months ago #33795

  • FlipRich
  • FlipRich's Avatar
  • Offline
  • Distinguished Member
  • Posts: 80
  • Karma: 0



2- The default-router ip is 172.21.10.254. One of the user have set this ip manually to his pc. How to prevent it?

tq


I've never had this issue before but have you tried manually binding the IP to the server's MAC?

You can also lock down the user's privileges using a GPO in Active Directory to keep them from making any changes.
Rich
Network Engineer /CCNP, CCNA-S
Tallahassee, FL
The administrator has disabled public write access.

Re: Cisco DHCP Server - Problem & Answer 6 years 9 months ago #33802

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
2- The default-router ip is 172.21.10.254. One of the user have set this ip manually to his pc. How to prevent it?

If his PC is Windows based, he probably also set his own static IP. You can't prevent this if he is a local administrator of his PC, you can if he is a limited user. Furthermore, I'm wondering what did he use for gateway IP other than yours, doing so, he would probably only have access to his local subnet!! :?

If your switch supports it, you can try to configure the IP Source Guard feature. This will automatically create an ACL that will filter traffic based on the source IP address. As far as I know, it can be configured to block IPs that were not issued by DHCP. More here:

www.cisco.com/en/US/docs/switches/lan/ca...hcp82.html#wp1284567
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.085 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup