Re: bogie DHCP server problem from S Malik on 2010-02-03 (Ccielab archives /201002)

From: S Malik <ccie.09_at_gmail.com>
Date: Wed, 3 Feb 2010 10:17:52 -0500

If all machines are on one Vlan then what about using VACL?

I guess we can use some ACL like following for DHCP

permit udp any eq bootpc any eq bootps

permit udp host 192.168.1.1 eq bootps any eq bootpc

On Wed, Feb 3, 2010 at 8:25 AM, Gaurav Thukral <pearlgaurav_at_gmail.com>wrote:

> ya,
>
> you can do that. I am really sorry for that i did not read the entire
> scenario.
>
> Regards,
> Gaurav
>
> On Wed, Feb 3, 2010 at 6:02 PM, Joe Astorino <jastorino_at_ipexpert.com>
> wrote:
>
> > Gaurav,
> >
> > If you are blocking all layer 2 communication whatsoever with
> > switchport protected you could accomplish the task without DHCP
> > Snooping.
> >
> > On Wed, Feb 3, 2010 at 6:07 AM, Gaurav Thukral <pearlgaurav_at_gmail.com>
> > wrote:
> > > Hi Forks,
> > >
> > > You have to use dhcp snooping for this.
> > >
> > > On Wed, Feb 3, 2010 at 2:34 AM, Joe Astorino <jastorino_at_ipexpert.com>
> > wrote:
> > >>
> > >> This was discussed in another thread yesterday. In short, yes it will
> > >> work. It will just severely limit you. If you want any sort of
> > >> communication between clients this is not a good idea. Otherwise
> > >> knock yourself out : )
> > >>
> > >> On Tue, Feb 2, 2010 at 3:56 PM, Iwan Hoogendoorn <iwan_at_ipexpert.com>
> > >> wrote:
> > >> > I don't think this will work ...
> > >> >
> > >> >
> > >> > On Mon, Feb 1, 2010 at 8:14 PM, Jack <ccie.unnumbered_at_gmail.com>
> > wrote:
> > >> >> Scenario: All DHCP clients get their IP address via a DHCP server
> > >> >> across
> > >> >> VLAN.
> > >> >> A bogie DHCP sever may exist in one's local area that shares the
> same
> > >> >> switch.
> > >> >> Instead of using DHCP snooping, will setting "switchport protected"
> > to
> > >> >> all
> > >> >> client ports work?
> > >> >>
> > >> >> Thanks,
> > >> >> Jack
> > >> >>
> > >> >>
> > >> >> Blogs and organic groups at http://www.ccie.net
> > >> >>
> > >> >>
> > _______________________________________________________________________
> > >> >> Subscription information may be found at:
> > >> >> http://www.groupstudy.com/list/CCIELab.html
> > >> >>
> > >> >>
> > >> >>
> > >> >>
> > >> >>
> > >> >>
> > >> >>
> > >> >>
> > >> >
> > >> >
> > >> >
> > >> > --
> > >> > Regards,
> > >> >
> > >> > Iwan Hoogendoorn
> > >> > CCIE #13084 (R&S / Security / SP)
> > >> > Sr. Support Engineer IPexpert, Inc.
> > >> > URL: http://www.IPexpert.com <http://www.ipexpert.com/>
> > >> >
> > >> >
> > >> > Blogs and organic groups at http://www.ccie.net
> > >> >
> > >> >
> > _______________________________________________________________________
> > >> > Subscription information may be found at:
> > >> > http://www.groupstudy.com/list/CCIELab.html
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >>
> > >>
> > >>
> > >> --
> > >> Regards,
> > >>
> > >> Joe Astorino CCIE #24347 (R&S)
> > >> Sr. Technical Instructor - IPexpert
> > >> Mailto: jastorino_at_ipexpert.com
> > >> Telephone: +1.810.326.1444
> > >> Live Assistance, Please visit: www.ipexpert.com/chat
> > >> eFax: +1.810.454.0130
> > >>
> > >> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA
> > >> (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice,
> > >> Security & Service Provider) Certification Training with locations
> > >> throughout the United States, Europe and Australia. Be sure to check
> > >> out our online communities at www.ipexpert.com/communities and our
> > >> public website at www.ipexpert.com
> > >>
> > >>
> > >> Blogs and organic groups at http://www.ccie.net
> > >>
> > >>
> _______________________________________________________________________
> > >> Subscription information may be found at:
> > >> http://www.groupstudy.com/list/CCIELab.html
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >
> > >
> > >
> > > --
> > >
> >
> >
> >
> > --
> > Regards,
> >
> > Joe Astorino CCIE #24347 (R&S)
> > Sr. Technical Instructor - IPexpert
> > Mailto: jastorino_at_ipexpert.com
> > Telephone: +1.810.326.1444
> > Live Assistance, Please visit: www.ipexpert.com/chat
> > eFax: +1.810.454.0130
> >
> > IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA
> > (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice,
> > Security & Service Provider) Certification Training with locations
> > throughout the United States, Europe and Australia. Be sure to check
> > out our online communities at www.ipexpert.com/communities and our
> > public website at www.ipexpert.com
> >
>
>
>
> --
> Regards,
>
> Gaurav Thukral
> CCIE#21156( R&S), CCIE SP (Q)
> CCIP, CCDP, CCNA
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Feb 03 2010 - 10:17:52 ART

This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 06:28:35 ART