DHCP Authentication

Marco Amadori amadorim at vdavda.com
Tue Jul 1 13:55:09 UTC 2008

On Tuesday 01 July 2008, 13:27:21, Simon Hobson wrote:

> Anders Rosendal wrote:
> >If the network owner starts to implement features like dhcp-snooping
> >with "ip source guard" and "ip arp inspection" in the switches to
> >achive much greater security in the network your solution with dhcp
> >on non default ports will probebly fail totally. This since
> >dhcp-snooping in the switches probebly won't recognice your modified
> >dhcp communication.
> Which brings up another point I'd missed. If you run DHCP on
> non-standard ports then you'll also need to run DHCP relay agents on
> non standard ports as well. This will effectively require an
> additional box on each subnet in this case to run the relay agent
> since the OP doesn't have administrative access to the routers.

Yes, this is could be a big problem in changeing the default port, this is one 
of the reason I asked about authentication and DHCP on this list.

If the foreign switches will cut our non standard DHCP traffic we need other 
ideas to identify servers.

Does dhclient with a custom option like "dhcp-server-identifier" specified on 
the server could distinguish between DHCP offers? It should if I understood 
well the manpages.


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the dhcp-users mailing list