Is it possible to block DHCP requests....

Because we have two offices A 192.168.0.0 and office B 192.168.1.0 network...

i am using static route on both routers to talk to each other..

However for some reason office a can get a dhcp request from office b server and vice vs... i was wondering how to stop this... because sometimes it stops one of my servers being a dhcp server...

yes, it certainly is
http://www.google.com.au/search?hl=en&q=how+to+block+dhcp&btnG=Google+Search&meta=

i am not stupid.. done that search has nothing.. i have blocked port 67 & 68 with no luck

As if you wouldn't have them on different physical networks (not just IP ones).

What's the subnet mask you're using?

Also, you could just setup one DHCP server for both offices.

If your running Cisco gear, there's an option called DHCP snooping which allows you to configure a trusted dhcp server on a port by port or vlan basis and block all other dhcp server traffic which is used for situations like the one you descirbed. Of course only applies if you have the gear that supports it.

i am not stupid.. done that search has nothing.. i have blocked port 67 & 68 with no luck

*boggle*

lol

yeh i am thinking about buying a cisco router... anyone know any good resellers who also set them up...

they are both on the same subnet 255.255.255.0

BTW the office connected using wireless so i am trying to minimise the use of the wireless connection..

last edited by TiT at 11:32:23 07/Aug/07

A DHCP Discover is a broadcast.

If a broadcast is getting from office A to office B, then you do not have them on different networks, despite having different IP subnets.

I strongly suggest you run 3 physical networks.
1 for office A
1 for office B
and
1 for the wireless link

That way you can put security on the A-wireless and B-wireless routers. Wireless even WPA is not to be trusted as secure (imo tinfoilhat +1).

The routers can be s***ting little boxes running linux, or purpose built appliances (expensive).

However, If no device on A needs direct communication with a device on B other then the 2 servers. Multi-home the servers and have no router but setup a decent firewall on the servers wireless network's NIC.

But that's just me.

May I just be the first to say:

Told you so.

But no, you didn't want to listen when we suggested how to do this, and told you to put a router in place.

they are both on the same subnet 255.255.255.0

that is a subnet mask, not a subnet.

ebay for cisco gear these guys seem to have a few decent cisco routers. 871 should be sufficient for what you're doing. they have some wireless ones as well which might be able to take care of the wireless connection in between as well ( not sure, haven't used them before ).

raven you're a dill

If you still wanted to go the dodgy way mac address filter each set of computers taht need to be on they're respective networks, then it can't get the wrong ip.

Or do static ips.

access-list 120 deny tcp from networkA to networkB eq dhcp
access-list 120 deny tcp from networkB to networkA eq dhcp

something like that, depending how your networks are setup and what devices do dhcp, what kinda firewall you're running yada yada yada

At the moment there is no firewall or router, that's the point. A DHCP Discover packet is a broadcast, it can't get from 1 network to another without a DHCP Help or Bootp Proxy.

ie. It is getting from 1 office to another, there for it is 1 network, there for there is no firewall or router to apply that rule to.

I don't get it obes

ie. It is getting from 1 office to another, there for it is 1 network, there for there is no firewall or router to apply that rule to.

i am using static route on both routers to talk to each other..

what

Splash there is a huge difference between a physical network, and an IP network/subnet.

And while you need an "IP router" to route between different "IP networks" yet on that same network A broadcast (like a DHCP Discover) on a physical network goes everywhere.

But that's only a guess, based on the musings of someone who is struggling with the concepts, and who has a signature that suggest he laughs at himself frequently.

I was just pointing out that the original post said he is using a router(s), but you're assuming he isn't.

I'm assuming he isn't because I doubt he has the knowledge or skill to setup a DHCP Helper or Bootp Proxy. That doubt is based upon the fact he is asking relatively simple questions regarding DHCP and firewalls.

Anyway a DHCP Discover is a broadcast.
Broadcasts do no travel from network to network.

There for ... It must be 1 physical network.

And the word router is a loosely used term hence his confusion as to what he has setup.

well i do have 2 routers the picture shows how its setup

http://img174.imageshack.us/img174/6840/officesetupat0.gif

Sorry its Fixed!

last edited by TiT at 15:29:28 08/Aug/07

that's an interesting empty green shape

that's an interesting empty green shape

looks like obes was right, it IS just one physical network :)

I think I see the porblem.

What you're looking at here is your classic 'network submerged in pea and ham soup' situation. What you want to do is first remove the network from the soup and then begin to troubleshoot your connection issues.

lols @ 4969 x 7031 px image

as it was brought up last time you came here asking about your network issues, you shouldn't be running two different networks with different subnets on the same broadcast domain.

as you have not placed a routing device on your network to seperate the two subnets you are going to continue to have stupid issues where upon you will come to the forum and ask why/how/whatnow.

how about you utilise the advice that you have already been given OR get someone in who actually has a clue to setup your network.

don't worry mate, we'll get you up and running. Some of what some people have said here is true and your DCHP broadcast may be effecting your entire network illistrated in your diagram.

Could you please tell me more about your wireless link, primarily why it was setup and what kind of things you need to do that warrants having the link?

From that I will try and draw you up a network diagram, as someone suggested, using three networks. One for office a, office b and one for the wireless link itself. Ontop of that i'll also try and give you advice as to how you can configure your wireless routers so that only traffic from one office can access the resource it needs to at the other office. It's always been my practise to assume wireless links are comprimised or treated as a 'wan/internet/dmz'.

Well Office B is about 400 metres accross the road from Office A.. So we have used 2 wireless AP in WDS mode to connect the two networks...

[B]WHY[/B]

Why not just pay a consultant to set it up correctly and quickly according to your specs ro what they suggest?