#PSTip How to prevent rogue DHCP servers in Hyper-V

Note: This tip requires PowerShell 3.0 or above.

In a DHCP environment, it is possible for a rogue DHCP server to respond to client DHCP requests and provide incorrect address and configuration information. A rogue DHCP server could be used to redirect traffic for malicious purposes.

Hyper-V Virtual Switches in Windows Server 2012 has a new security feature called DHCP Guard. It drops DHCP server messages from unauthorized VMs pretending to be DHCP server. DHCP Guard allows you to specify whether DHCP server messages coming from a VM should be dropped.

The following command prevents a VM from becoming a rogue DHCP server by turning DHCPGuard “On”. To turn it off, set DHCPGuard to “Off”.

Set-VMNetworkAdapter -VMName VM1 -DhcpGuard On

About the author: Shay Levy

Shay Levy is a Co-founder and editor of the PowerShell Magazine. He is a multiple-year recipient of the Microsoft MVP award, and a Microsoft Certified Trainer (MCT). Shay often covers PowerShell related topics on his blog and you can also follow him on Twitter at @ShayLevy

Related Posts