Reject unknown DHCP Servers

[dxdemetriou]

Hi,

how can I configure Windows XP clients to accept only one DHCP server and reject any unknown that maybe connected by mistake?

I'm trying to do this because I had some problem before when some people that didn't knew the difference of router and switch had connected it on the LAN making a big problem on the network.

I searched on the internet to find the solution, and I couldn't found anything for windows XP but only for linux and macosx.

What I'm trying to do is to put a rule that will reject dhcp offerings from some ip or some range of ip addresses, something like "reject 192.168.0.1" or "reject 192.168.0.0/16"

Thanks

[Tripredacus]

I don't think that this is something that should be configured on the clients, but on the DHCP server. Windows Server (as of 2003) uses authorization to stop rogue servers from screwing up your network.

[cluberti]

The problem with DHCP requests is that they're UDP DISCOVER packet broadcasts, and especially if a client doesn't yet have an IP, it's hard to firewall like that. It's not impossible, but it's pretty difficult.

Are you trying to avoid rogue servers on a specific network, or lock clients down for some other reason?

[dxdemetriou]

I'm trying to either force the client to use and accept only one ip address as dhcp server for taking an ip, or to block some known ips that are used by routers. It's that I said before, I'm trying to avoid the use of another dhcp server on the same LAN.

Edited February 12, 2009 by dxdemetriou

[Tripredacus]

It appears that Cisco has methods to protect you if you have their hardware.

I'll try looking into other options next week if this is still an active topic.