Skip to main content
Super User

Return to Answer

Fixed spelling
Source Link
edit approved Apr 18, 2011 at 15:58
Gareth
edit approved Apr 18, 2011 at 15:58
Gareth
  • 18.9k
  • 15
  • 58
  • 69

First offof all check if there is a "Port Guard" options in yours swichyour switch/router. There you can specify which port is trusted to work with dhcpDHCP.  A Layer 2+ swichswitch can do this.

Second. IfSecondly if you dontdon't have this you should block all incoming dhcpDHCP offers that arentaren't from yoursyour server ipIP. And make validation MAC-IP.IP; iptables can do that.

Third. YouFinally, you can useruse VLANVLANs's for that if yours dhcp-server supportyour DHCP server supports that.

First off all check if there is a "Port Guard" options in yours swich/router. There you can specify which port is trusted to work with dhcp.  Layer 2+ swich can do this.

Second. If you dont have this you should block all incoming dhcp offers that arent from yours server ip. And make validation MAC-IP. iptables can do that

Third. You can user VLAN's for that if yours dhcp-server support that.

First of all check if there is a "Port Guard" options in your switch/router. There you can specify which port is trusted to work with DHCP. A Layer 2+ switch can do this.

Secondly if you don't have this you should block all incoming DHCP offers that aren't from your server IP. And make validation MAC-IP; iptables can do that.

Finally, you can use VLANs for that if your DHCP server supports that.

Source Link
MealstroM
MealstroM
  • 161
  • 3

First off all check if there is a "Port Guard" options in yours swich/router. There you can specify which port is trusted to work with dhcp. Layer 2+ swich can do this.

Second. If you dont have this you should block all incoming dhcp offers that arent from yours server ip. And make validation MAC-IP. iptables can do that

Third. You can user VLAN's for that if yours dhcp-server support that.