Switch DHCP Server Policy Configuration
Dashboard Location: Switching > DHCP Servers and ARP
DHCP Security Policy Management
Switch DHCP server policy configuration in Meraki networks provides administrators with comprehensive DHCP security controls, enabling network protection against rogue DHCP servers, ARP spoofing attacks, and unauthorized network services. This functionality supports DHCP server validation, ARP inspection, policy enforcement, email alerting, and network traffic monitoring. DHCP server policies are essential for maintaining network integrity, preventing IP address conflicts, securing Layer 2 communications, and ensuring reliable network services in enterprise environments.
Diagram
Classes
switch (meraki.domains.organizations.networks)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
dhcp_server_policy | Class | [dhcp_server_policy] | No |
dhcp_server_policy (meraki.domains.organizations.networks.switch)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
default_policy | Choice | allow , block | No | |
allowed_servers | List | MAC | No | |
blocked_servers | List | MAC | No | |
arp_inspection | Boolean | true , false | No | |
alerts_email | Boolean | true , false | No | |
arp_inspection_trusted_servers | List | [arp_inspection_trusted_servers] | No |
arp_inspection_trusted_servers (meraki.domains.organizations.networks.switch.dhcp_server_policy)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
mac | MAC | No | ||
vlan | Any | Integer[min: 1 , max: 4094 ] or String[matches: `(?:[1-9] | [1-9][0-9] | [1-9][0-9]2 |
ipv4_address | IP | No | ||
trusted_server_name | String | min: 1 , max: 127 | Yes |
Examples
Example-1: The example below demonstrates switch DHCP server policy configuration using tested YAML configuration from pipeline fixtures.
meraki: domains: - name: "!env domain" administrator: name: "!env org_admin" organizations: - name: "!env org" networks: - name: "!env network_name" product_types: - appliance - switch - wireless - camera - sensor - cellularGateway switch: dhcp_server_policy: default_policy: block allowed_servers: - 00:50:56:00:00:01 - 00:50:56:00:00:02 blocked_servers: - 00:50:56:00:00:03 - 00:50:56:00:00:04 arp_inspection: true alerts_email: true arp_inspection_trusted_servers: - mac: AA:BB:CC:DD:EE:FF vlan: 100 ipv4_address: "1.2.3.4" trusted_server_name: s1 - mac: BB:CC:DD:EE:FF:AA vlan: 100 ipv4_address: "1.2.3.4" trusted_server_name: s2 - mac: CC:DD:EE:FF:AA:BB vlan: 101 ipv4_address: "10.20.30.40" trusted_server_name: s3