Blocking DHCP servers
Posted on 2007-03-29
Is there a way I can use ACLs on a Cisco switch to block DHCP servers that are connected to it?
I would like to physically block users from accessing ports, but we have a mandate to allow some users the facility to plug in devices, so I need a way of stopping addresses being distributed by unauthorised devices.
I've tried each of the following access lists on test interfaces for inbound but they all block DHCP client requests too:
access-list 101 deny udp any eq bootps any eq bootpc
access-list 102 deny udp any eq bootpc any eq bootps
access-list 103 deny udp any eq bootps host 255.255.255.255 eq bootpc
access-list 104 deny udp host 255.255.255.255 eq bootpc any eq bootps
access-list 105 permit udp host 192.168.246.10 eq bootps any eq bootpc
access-list 105 deny udp any eq bootps any eq bootpc
Am I doing something wrong?
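Added example (not part of the original post): a small model of Cisco IOS first-match ACL evaluation, run against constructed DHCP DISCOVER and OFFER datagrams as they would arrive inbound on a user port. It shows why the lists above drop client requests (each ends in the implicit deny any) and what a user-port list that only drops server-to-client DHCP looks like. The rogue server address and the web packet are made-up sample values.

```python
ANY = "any"
BOOTPS, BOOTPC = 67, 68  # UDP ports for DHCP server and client

def field_matches(rule_value, packet_value):
    """An ACL field matches when it is 'any' or equals the packet's value."""
    return rule_value == ANY or rule_value == packet_value

def acl_permits(acl, pkt):
    """First matching entry decides; like IOS, the list ends with an implicit deny."""
    for action, src, sport, dst, dport in acl:
        if (field_matches(src, pkt["src"]) and field_matches(sport, pkt["sport"])
                and field_matches(dst, pkt["dst"]) and field_matches(dport, pkt["dport"])):
            return action == "permit"
    return False  # implicit 'deny any' at the end of every IOS ACL

# Constructed sample datagrams, as seen entering the switch on a user port.
DISCOVER = dict(src="0.0.0.0", sport=BOOTPC, dst="255.255.255.255", dport=BOOTPS)
ROGUE_OFFER = dict(src="192.168.246.99", sport=BOOTPS, dst="255.255.255.255", dport=BOOTPC)
# A rogue server spoofing the authorised server's address (192.168.246.10 is from the post)
SPOOFED_OFFER = dict(src="192.168.246.10", sport=BOOTPS, dst="255.255.255.255", dport=BOOTPC)
WEB = dict(src="192.168.246.50", sport=40000, dst="10.0.0.1", dport=80)

# The post's access-list 105, exactly as written: it never permits anything else.
ACL_105 = [
    ("permit", "192.168.246.10", BOOTPS, ANY, BOOTPC),
    ("deny", ANY, BOOTPS, ANY, BOOTPC),
]

# User-port list: legitimate server replies never *enter* on a user port, so every
# server-sourced DHCP datagram arriving there is dropped and all else is permitted.
ACL_USER_PORT = [
    ("deny", ANY, BOOTPS, ANY, BOOTPC),
    ("permit", ANY, ANY, ANY, ANY),
]

def evaluate(acl):
    """Return a name -> permitted mapping for the sample datagrams."""
    samples = {"discover": DISCOVER, "rogue_offer": ROGUE_OFFER,
               "spoofed_offer": SPOOFED_OFFER, "web": WEB}
    return {name: acl_permits(acl, pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    print("ACL 105      :", evaluate(ACL_105))
    print("user-port ACL:", evaluate(ACL_USER_PORT))
```

The model deliberately ignores wildcard masks and the `established` keyword; it only reproduces first-match ordering and the implicit deny, which is what breaks the lists in the post.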