Switch DHCP Server Policy Configuration
Dashboard Location: Switching > DHCP Servers and ARP
DHCP Security Policy Management
Switch DHCP server policy configuration in Meraki networks provides administrators with comprehensive DHCP security controls, enabling network protection against rogue DHCP servers, ARP spoofing attacks, and unauthorized network services. This functionality supports DHCP server validation, ARP inspection, policy enforcement, email alerting, and network traffic monitoring. DHCP server policies are essential for maintaining network integrity, preventing IP address conflicts, securing Layer 2 communications, and ensuring reliable network services in enterprise environments.
Classes
Section titled “Classes”switch (meraki.domains.organizations.networks)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| dhcp_server_policy | Class | [dhcp_server_policy] | No | |
dhcp_server_policy (meraki.domains.organizations.networks.switch)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| default_policy | Choice | allow, block | No | |
| allowed_servers | List | MAC | No | |
| blocked_servers | List | MAC | No | |
| arp_inspection | Boolean | true, false | No | |
| alerts_email | Boolean | true, false | No | |
| arp_inspection_trusted_servers | List | [arp_inspection_trusted_servers] | No | |
arp_inspection_trusted_servers (meraki.domains.organizations.networks.switch.dhcp_server_policy)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| mac | MAC | | No | |
| vlan | Any | Integer[min: 1, max: 4094] or String[matches: `(?:[1-9] | [1-9][0-9] | [1-9][0-9]2 |
| ipv4_address | IP | | No | |
| trusted_server_name | String | min: 1, max: 127 | Yes | |
Examples
Example-1: The example below demonstrates switch DHCP server policy configuration.
This configuration implements DHCP security policies to protect against rogue DHCP servers and ARP spoofing attacks. The example includes server allow/block lists, ARP inspection settings, and trusted server definitions for network security.
This configuration enhances Layer 2 security by enabling Dynamic ARP Inspection (DAI), which validates ARP packets against the DHCP snooping database. With `default_policy: block`, DHCP responses are denied from any server not explicitly listed in `allowed_servers` (e.g., 00:50:56:00:00:01, 00:50:56:00:00:02), while responses from `blocked_servers` such as 00:50:56:00:00:03 and 00:50:56:00:00:04 are explicitly blocked. Additionally, email alerts are enabled (`alerts_email: true`) to notify administrators of DHCP security violations, such as unauthorized servers attempting to respond.
```yaml
meraki:
  domains:
    - name: !env domain
      administrator:
        name: !env org_admin
      organizations:
        - name: !env org
          networks:
            - name: !env network_name
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              switch:
                dhcp_server_policy:
                  default_policy: block
                  allowed_servers:
                    - 00:50:56:00:00:01
                    - 00:50:56:00:00:02
                  blocked_servers:
                    - 00:50:56:00:00:03
                    - 00:50:56:00:00:04
                  arp_inspection: true
                  alerts_email: true
```
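A pre-deployment check for this policy block, as an added example that is not part of the original page or the project's own tooling: it applies the constraints from the tables above to an already parsed `dhcp_server_policy` mapping and flags a MAC that appears in both server lists. The function names, the colon-separated MAC form and the sample policies are assumptions; the string form of `vlan` is not checked because its pattern is truncated on this page.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")  # assumed colon-separated form

def is_mac(value):
    return isinstance(value, str) and bool(MAC_RE.match(value))

def lint_dhcp_server_policy(policy):
    """Return findings for one parsed dhcp_server_policy mapping (hypothetical helper)."""
    findings = []
    if policy.get("default_policy") not in (None, "allow", "block"):
        findings.append(f"default_policy: {policy['default_policy']!r} is not allow or block")
    seen = {}
    for key in ("allowed_servers", "blocked_servers"):
        macs = policy.get(key) or []
        # A non-string entry (e.g. a MAC a YAML loader read as a number) is reported too.
        findings += [f"{key}: {m!r} is not a MAC address" for m in macs if not is_mac(m)]
        seen[key] = {m.lower() for m in macs if is_mac(m)}
    for mac in sorted(seen["allowed_servers"] & seen["blocked_servers"]):
        findings.append(f"{mac} is in both allowed_servers and blocked_servers")
    for i, srv in enumerate(policy.get("arp_inspection_trusted_servers") or []):
        where = f"arp_inspection_trusted_servers[{i}]"
        name = srv.get("trusted_server_name")
        if not isinstance(name, str) or not 1 <= len(name) <= 127:
            findings.append(f"{where}: trusted_server_name is mandatory, 1-127 characters")
        if srv.get("mac") is not None and not is_mac(srv["mac"]):
            findings.append(f"{where}: mac {srv['mac']!r} is not a MAC address")
        vlan = srv.get("vlan")  # only the integer form is checked here
        if isinstance(vlan, int) and not 1 <= vlan <= 4094:
            findings.append(f"{where}: vlan {vlan} is outside 1-4094")
        ip = srv.get("ipv4_address")
        try:
            if ip is not None:
                ipaddress.IPv4Address(ip)
        except ValueError:
            findings.append(f"{where}: ipv4_address {ip!r} is not an IPv4 address")
    return findings

# Constructed samples: the page's policy, and a deliberately broken one.
PAGE_POLICY = {"default_policy": "block", "arp_inspection": True, "alerts_email": True,
               "allowed_servers": ["00:50:56:00:00:01", "00:50:56:00:00:02"],
               "blocked_servers": ["00:50:56:00:00:03", "00:50:56:00:00:04"]}
BAD_POLICY = {"default_policy": "deny", "allowed_servers": ["00:50:56:00:00:01"],
              "blocked_servers": ["00:50:56:00:00:01", "0050.5600.0003"],
              "arp_inspection_trusted_servers": [{"vlan": 5000, "ipv4_address": "10.0.0.256"}]}

if __name__ == "__main__":
    print("\n".join(lint_dhcp_server_policy(BAD_POLICY)))
```

Running it in CI before the configuration is applied catches a server that was moved from one list to the other without being removed from the first.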