Home

Forums

Stories

Knowledge Base

Business Community > Switches > How can i stop DHCP being served to a group of ports on one particular switch on a particular vlan?

< Switches

How can i stop DHCP being served to a group of ports on one particular switch on a particular vlan?

How can i stop DHCP being served to a group of ports on one particular switch on a particular vlan?

How can i stop DHCP being served to a group of ports on one particular switch on a particular vlan?

2025-01-24 12:23:56

Posts: 305

Helpful: 147

Solutions: 25

Stories: 0

Registered: 2022-01-02

How can i stop DHCP being served to a group of ports on one particular switch on a particular vlan?

2025-01-24 12:23:56

I have need to prevent devices with a specific VLAN tag from receiving DHCP on a group of ports on one particular switch - they instead must be set as statics. I want to force this so the users must set a static on the device before it can work rather than relying on DHCP. I need DHCP to continue to serve all the rest of the network as normal for that VLAN.

Things I have tried:

Switch ACL to prevent "Network - Tech" > DHCP Server IP Ports 67-68 UDP applied to only that group of switch ports specifically

Switch ACL to prevent DHCP Server IP Ports 67-68 UDP > "Network - Tech" applied to only that group of switch ports specifically (reverse of above)

Switch ACL to prevent UDP Ports 67-68 > IPgroup_Any applied to only those ports

Switch ACL to prevent IPgroup_Any > UDP Ports 67-68 applied to only those ports (reverse of above)

I have tried the above 4 ACLs using the DHCP servers source switch port instead

I have tried using the DHCP servers MAC address in a MAC group, and used ACLs in both directions to and from it.

I still, always get DHCP served on those ports!

WHY ?????

The only way i can seem to block DHCP is a blanket UDP 67-68 > IP_Group_Any applied to all switch ports across entire network.

Can anyone assist?

0

0

#1

4 Reply

2025-01-26 08:33:13

Posts: 7059

Helpful: 3589

Solutions: 1707

Stories: 0

Registered: 2023-06-09

Re:How can i stop DHCP being served to a group of ports on one particular switch on a particular vlan?

2025-01-26 08:33:13

Thanks for posting in our business forum.

Prevent the GW IP instead of any. Block the GW IP(DHCP server IP) in that broadcast range.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update! ☛Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.

0

0

#2

LV4

2025-01-26 08:38:36

Posts: 305

Helpful: 147

Solutions: 25

Stories: 0

Registered: 2022-01-02

Re:How can i stop DHCP being served to a group of ports on one particular switch on a particular vlan?

2025-01-26 08:38:36

I have tried that

ACL

Block UDP 67-68 <> GW IP. those switch ports only

DHCP still passes!

0

0

#3

2025-01-26 08:46:32

Posts: 7059

Helpful: 3589

Solutions: 1707

Stories: 0

Registered: 2023-06-09

Re:How can i stop DHCP being served to a group of ports on one particular switch on a particular vlan?

2025-01-26 08:46:32

Thanks for posting in our business forum.

GRL wrote

@Clive_A

I have tried that

ACL

Block UDP 67-68 <> GW IP. those switch ports only

DHCP still passes!

DHCP IP still got assigned to them the clients?

Rule 1 IP-Port subnet of this VLAN, port UDP 67 68

Rule 2 GW IP to VLAN, port 66 67. The GW IP means the IP in that VLAN. Not the default VLAN 192.168.0.1, for example.

VLAN 10.0.0.0/24, IP is 10.0.0.1/24 if you configure it.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update! ☛Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.

1

1

#4

LV4

2025-01-26 08:50:33

Posts: 305

Helpful: 147

Solutions: 25

Stories: 0

Registered: 2022-01-02

Re:How can i stop DHCP being served to a group of ports on one particular switch on a particular vlan?

2025-01-26 08:50:33

Yes this is exatly what i tried

VLAN 6 (not management

GW IP 192.168.6.254

Switch ACL

192.168.6.0/24 UDP port 67-68 .......... 192.168.6.254 UDP port 67-68 Applied to Switch 3 ports 1-8 only

I tried it the other way around as well, and also as one and the reverse in a seperate acl

DHCP always passed.

DHCP doesnt pass if i apply the rule to all switch ports. It only not works if i apply to a selection of ports on any particular switch.

0

0

#5