Blocking DHCP servers on FoxGate switches

As an example I'll use a FoxGate S6224-S4 switch; the configuration is almost the same on other models.

First, enable the DHCP snooping function:

ip dhcp snooping enable

Configure the blocking mode on the required ports (shutdown turns the port off, blackhole drops the packets):

interface ethernet 1/1-24
ip dhcp snooping action shutdown/blackhole
ip dhcp snooping action blackhole recovery 60
exit
interface ethernet 1/26-28
ip dhcp snooping action shutdown/blackhole
ip dhcp snooping action blackhole recovery 60
exit

In my case port 25 is the uplink, so on it we allow DHCP packets from the DHCP server to pass:

interface ethernet 1/25
ip dhcp snooping trust
exit

Check your settings:

show ip dhcp snooping

Done. In this example, packets from DHCP servers are blocked on ports 1 through 24 and 26 through 28.

For FoxGate S6224-S2, the interfaces are chosen as follows:

interface ethernet 0/0/1-24
...
exit
interface ethernet 0/0/26
...
exit
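
An added example, not part of the original article: a small Python check that reads a saved configuration in the syntax shown above and lists the ports that have neither "ip dhcp snooping trust" nor a blocking action set, so they can be reviewed. The sample configuration is constructed, the function names are assumptions, and only the single-range port forms used on this page (1/1-24, 0/0/26) are handled.

```python
import re

# Constructed sample in the syntax used on this page (not a real device dump).
# Ports 1/26-28 are deliberately left without an action.
SAMPLE_CONFIG = """\
ip dhcp snooping enable
interface ethernet 1/1-24
 ip dhcp snooping action blackhole recovery 60
exit
interface ethernet 1/25
 ip dhcp snooping trust
exit
interface ethernet 1/26-28
exit
"""

ACTION_RE = re.compile(r"ip dhcp snooping action (shutdown|blackhole)( recovery \d+)?")

def expand_ports(spec):
    """'1/1-24' -> ['1/1', ..., '1/24']; '0/0/26' -> ['0/0/26']."""
    prefix, _, last = spec.rpartition("/")
    lo, _, hi = last.partition("-")
    return [f"{prefix}/{n}" for n in range(int(lo), int(hi or lo) + 1)]

def audit(config, all_ports):
    """Return (snooping_enabled, trusted_ports, ports_with_no_trust_and_no_action)."""
    enabled = False
    state = {p: {"trust": False, "action": None} for p in all_ports}
    current = []  # ports selected by the most recent 'interface ethernet' line
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ip dhcp snooping enable":
            enabled = True
        elif m := re.fullmatch(r"interface ethernet (\S+)", line):
            current = expand_ports(m.group(1))
            for p in current:
                state.setdefault(p, {"trust": False, "action": None})
        elif line == "exit":
            current = []
        elif line == "ip dhcp snooping trust":
            for p in current:
                state[p]["trust"] = True
        elif m := ACTION_RE.fullmatch(line):
            for p in current:
                state[p]["action"] = m.group(1)
    trusted = [p for p, s in state.items() if s["trust"]]
    no_action = [p for p, s in state.items() if not s["trust"] and s["action"] is None]
    return enabled, trusted, no_action

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, expand_ports("1/1-28")))
```

Any port reported as trusted other than the known uplink deserves a second look, since DHCP server packets are allowed through it.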

See also my article:
How to catch broadcast storms on FoxGate switches
