[c-nsp] DHCP Binding Expiration
Justin Shore
justin at justinshore.com
Mon Feb 9 12:50:54 EST 2009
Manaf Al Oqlah wrote:
> Hi all,
>
> I am configuring a Cisco 7600 router as DHCP server for my broadband clients. I am using DHCP snooping and ARP inspection for security reasons and the leased time expiration is set for 30 minutes and no excluded-address is configured. The problem is that I still can see some clients IP addresses lease expiration are Infinite in the DHCP binding! what could be the reason for this behavior and could be this some sort of attack!!
I get them too. I never have figured out what causes them. So far it
hasn't been a big deal for me.
BTW, I'd recommend not using the IOS DHCP server for anything that more
than convenience at a very small site. I would highly recommend
deploying a server-based DHCP server like ISC DHCPd. Lots more bells a
whistles to work with. Plus you can have redundancy with the
server-based solution. The IOS DHCP server is a fairly stripped down
implementation. I don't think it was intended to be used in large
environments like a SP's broadband network.
Justin
More information about the cisco-nsp
mailing list