Meraki

phelimmc · ‎Aug 3 2022

Hi,

Can someone please advise? can you block a DHCP server by IP address within Meraki? there only seems to be an option to block by MAC address?

Thanks

Brash · ‎Aug 3 2022

Not that I'm aware of.

What is the use case of blocking it based on IP address?

DHCP works on layer 2 and therefore the responses to DHCP requests will be sent via MAC address.

ww · ‎Aug 3 2022

You could use acl on the switches.

Or if its forwarded using a svi on for example the mx you can block it using the firewall

RaphaelL · ‎Aug 3 2022

In some cases you can and can't. It depends where the DHCP server is.

If the DHCP server is configured as a IP helper and resides on a different vlan , there are some nasty hidden firewall rules that will still allow the trafic ( eg: Wireless firewall , GP 'firewall' )

I find that very annoying.

Also the MX firewall won't block trafic that has a destination in the autoVPN tunnel , you would need to use the S2S firewall. You can get confused real quick

BlakeRichardson · ‎Aug 3 2022

If its a private network track down who DHCP server it is and give them a slap on the hand, interfering with a network is a hanging offence in many companies.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

Dunky · ‎Aug 19 2022

The best option is to whitelist your known DHCP servers which will block any others by default regardless of their IP.

Go to Switches> DHCP servers & ARP, and configure as below entering the MACs of your DHCP servers where I have redacted mine:

Meraki

Community

Can you block a DHCP server by IP address within Meraki

Can you block a DHCP server by IP address within Meraki