Blocking DHCP servers on FoxGate switches

For example, I’ll take a FoxGate S6224-S4 switch; on other models, the configuration is almost the same.

First, enable the dhcp snooping function:

ip dhcp snooping enable

Configure the blocking mode on the required ports (turning off the port / dropping packets):

interface ethernet 1/1-24
ip dhcp snooping action shutdown/blackhole
ip dhcp snooping action blackhole recovery 60
exit
interface ethernet 1/26-28
ip dhcp snooping action shutdown/blackhole
ip dhcp snooping action blackhole recovery 60
exit

Port 25 in my case is uplink, so on it we allow the passage of DHCP packets from a DHCP server:

interface ethernet 1/25
ip dhcp snooping trust
exit

Check your settings:

show ip dhcp snooping

Done, in this example, packets are blocked from DHCP servers on ports 1 through 24 and from 26 to 28.

For FoxGate S6224-S2, the interfaces are chosen as follows:

interface ethernet 0/0/1-24
...
exit
interface ethernet 0/0/26
...
exit

See also my article:
How to catch broadcast storms on FoxGate switches

Подписаться на IT Blog (RU) по Email
Subscribe to IT Blog (EN) by Email

Did my article help you? How about buying me a cup of coffee as an encouragement? Buy me a coffe.

Leave a Reply