scott8035
New Contributor

How do I block DHCP traffic only on uplink port?

Our company is setting up a network and access points for a church. My task is to set this up using the equipment that was donated. One of those items is a 3rd-gen NetVanta 1234P to work with.

The church has what appears to be "normal" residential service. DHCP is being offered by the ISP's equipment; however, I need to configure a DHCP option, so I can't use that. I'd like to use the switch as the DHCP server, but who knows which DHCP server would respond first.

I'm using interface G1 to connect to the ISP. What I would like to do is block DHCP traffic from going over the uplink via G1, but allow it on all other interfaces. I've poked around with ACLs in the GUI, but can't find a way to configure it from there, and I'm not familiar with the switch CLI. Can someone get me pointed in the right direction?

jayh
Honored Contributor

Re: How do I block DHCP traffic only on uplink port?

If it's normal residential service, the ISP will typically only provide one dynamic public IP address. If the ISP's router is doing NAT, I would contact the ISP and have them turn that off. Then create a VLAN and VLAN interface on the 1234P facing the ISP. Configure one switchport in this VLAN as a DHCP client facing the ISP. This will receive a public IP from the ISP.

Set up your private network on the default VLAN (or create a new non-default one) and NAT from this VLAN interface to the public VLAN interface. Now your 1234P is acting as a DHCP client to the ISP and a server to your LAN. DHCP from the ISP won't cross between the VLANs. Either use IP domain-proxy or manually enter the ISP's nameservers (or public ones) in your local DHCP pool.

You can leave the ISP's NAT in place but I wouldn't recommend it as double-NAT often doesn't play well with some applications (SIP as an example).
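
A check for the outcome described in the reply above, as an added example that is not part of the original thread: it parses captured DHCP payloads and lists any server answering on the LAN other than the intended one. The addresses, the sample packets and the function names are constructed for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, follows the 236-byte BOOTP header

def build_offer(server_ip, offered_ip):
    """Constructed sample: a minimal DHCPOFFER payload (UDP data only)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234ABCD, 0, 0,
                         bytes(4), ipaddress.IPv4Address(offered_ip).packed,
                         bytes(4), bytes(4), bytes(16), bytes(64), bytes(128))
    options = b"\x35\x01\x02" + b"\x36\x04" + ipaddress.IPv4Address(server_ip).packed
    return header + MAGIC + options + b"\xff"

def parse_options(payload):
    """Return {option code: value} from a DHCP payload, rejecting malformed input."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return options

def unexpected_servers(payloads, expected_server):
    """List server identifiers (option 54) in DHCPOFFERs that are not the expected one."""
    found = set()
    for payload in payloads:
        options = parse_options(payload)
        server_id = options.get(54, b"")
        if options.get(53) != b"\x02" or len(server_id) != 4:  # 53 = message type, 2 = OFFER
            continue
        server = str(ipaddress.IPv4Address(server_id))
        if server != expected_server:
            found.add(server)
    return sorted(found)

if __name__ == "__main__":
    # Constructed addresses: 192.168.10.1 = switch's LAN pool, 192.168.1.254 = ISP gateway.
    lan = build_offer("192.168.10.1", "192.168.10.50")
    isp = build_offer("192.168.1.254", "192.168.1.77")
    print(unexpected_servers([lan, isp], "192.168.10.1"))  # shared segment
    print(unexpected_servers([lan], "192.168.10.1"))       # after VLAN separation
```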