PowerConnect: Preventing Rogue DHCP Servers From Assigning IP Addresses in Same VLAN
Symptoms
Description:
In certain cases it is necessary to prevent rogue DHCP servers from assigning IP addresses in the same VLAN. Users can connect unauthorized DHCP servers in campus networks.
Resolution
Solution:
One solution to this issue is to apply an access list to the access ports to block DHCP offers from unknown DHCP servers.
Please note that in the configuration below, 10.2.1.2, 10.2.1.12 and 10.2.1.15 are the valid DHCP servers. A DHCP Offer from any other IP address is blocked. This configuration was tested on a PowerConnect 6248 and is purely an example.
access-list DHCP-Filter permit udp 10.2.1.2 0.0.0.0 eq 67 any eq 68
access-list DHCP-Filter permit udp 10.2.1.12 0.0.0.0 eq 67 any eq 68
access-list DHCP-Filter permit udp 10.2.1.15 0.0.0.0 eq 67 any eq 68
access-list DHCP-Filter deny udp any eq 67 any eq 68
access-list DHCP-Filter permit ip any any
interface range ethernet 1/g1-1/g48
ip access-group DHCP-Filter out
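To check how the DHCP-Filter list above treats a given packet, the following added Python example (not part of the original article and not Dell code) parses the five access-list lines and evaluates constructed packets against them. It assumes the usual first-match evaluation with an implicit deny at the end, and wildcard masks in which a 1 bit means "don't care"; the function names are hypothetical.

```python
import ipaddress
# ACL lines copied from the article above.
ACL = """\
access-list DHCP-Filter permit udp 10.2.1.2 0.0.0.0 eq 67 any eq 68
access-list DHCP-Filter permit udp 10.2.1.12 0.0.0.0 eq 67 any eq 68
access-list DHCP-Filter permit udp 10.2.1.15 0.0.0.0 eq 67 any eq 68
access-list DHCP-Filter deny udp any eq 67 any eq 68
access-list DHCP-Filter permit ip any any
"""

def _endpoint(tok):
    """Consume '<addr wildcard | any> [eq port]' and return (addr, wildcard, port)."""
    if tok[0] == "any":
        tok[:1] = ["0.0.0.0", "255.255.255.255"]   # 'any' = every bit is don't-care
    ip, wild = (int(ipaddress.IPv4Address(tok.pop(0))) for _ in range(2))
    port = None
    if tok[:1] == ["eq"]:
        port = int(tok[1])
        del tok[:2]
    return ip, wild, port

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"]:
            action, proto, rest = tok[2], tok[3], tok[4:]
            rules.append((action, proto, _endpoint(rest), _endpoint(rest)))
    return rules

def _hit(endpoint, ip, port):
    addr, wild, want = endpoint
    same_host = (int(ipaddress.IPv4Address(ip)) | wild) == (addr | wild)
    return same_host and want in (None, port)

def evaluate(rules, proto, src_ip, sport, dst_ip, dport):
    """Return the action of the first matching rule; unmatched traffic is denied."""
    for action, rproto, src, dst in rules:
        if rproto in ("ip", proto) and _hit(src, src_ip, sport) and _hit(dst, dst_ip, dport):
            return action
    return "deny"
RULES = parse(ACL)

if __name__ == "__main__":
    # Constructed packets: (proto, src IP, src port, dst IP, dst port)
    for pkt in [("udp", "10.2.1.12", 67, "255.255.255.255", 68),    # listed server
                ("udp", "192.168.1.1", 67, "255.255.255.255", 68),  # unlisted server
                ("udp", "0.0.0.0", 68, "255.255.255.255", 67)]:     # client DISCOVER
        print(pkt, "->", evaluate(RULES, *pkt))
```

Under the first-match assumption, moving "permit ip any any" above the deny line would make every packet match it first, which is why the deny for UDP 67 to 68 sits ahead of it.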
Affected Products
PowerConnect 6224, PowerConnect 6224F, PowerConnect 6248, PowerConnect 6248P
Article Properties
Article Number: 000140577
Article Type: Solution
Last Modified: 16 Oct 2025
Version: 5