[c-nsp] DHCP Binding Expiration
Scott Keoseyan
scott at labyrinth.org
Sat Feb 14 21:13:27 EST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Didn't Infoblox just announce a module for the ISR for DNS/DHCP/NTP?
That might be more appropriate somehow...
Scott
On Feb 9, 2009, at 12:50 PM, Justin Shore wrote:
> Manaf Al Oqlah wrote:
>> Hi all,
>> I am configuring a Cisco 7600 router as DHCP server for my
>> broadband clients. I am using DHCP snooping and ARP inspection for
>> security reasons and the leased time expiration is set for 30
>> minutes and no excluded-address is configured. The problem is that
>> I still can see some clients IP addresses lease expiration are
>> Infinite in the DHCP binding! what could be the reason for this
>> behavior and could be this some sort of attack!!
>
> I get them too. I never have figured out what causes them. So far
> it hasn't been a big deal for me.
>
> BTW, I'd recommend not using the IOS DHCP server for anything that
> more than convenience at a very small site. I would highly
> recommend deploying a server-based DHCP server like ISC DHCPd. Lots
> more bells a whistles to work with. Plus you can have redundancy
> with the server-based solution. The IOS DHCP server is a fairly
> stripped down implementation. I don't think it was intended to be
> used in large environments like a SP's broadband network.
>
> Justin
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkmXekcACgkQA7TpMPAlvEfWSwCfY6wmZItxj+YacfiZI1Vshe2M
o0UAoIHZ4FIXXIfMa6fhwUItDfsOEVsM
=9amM
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list