Is it possible in a managed switch such as a 3Com 4500 or an HP Baseline PWR-Plus type switch to block DHCP from being served through specific ports, or all except 1 port?
I have a DHCP server, for example, plugged in to port 1. I need that to continue working, but I want to prevent the issue where a user plugs in a rogue device (router) that serves up DHCP.
When this happens, some percentage of the time, the clients will now get DHCP from this rogue device, which is not the correct IP range, so clients lose connectivity.
I am wondering if there is some kind of setting in the switches, or some other approach?
Your switches allow you to filter IP ports. So you just have to block port UDP 67 (DHCP DISCOVER) or UDP 68 (DHCP OFFER) (depending on whether you want to block input or output, or maybe both), except on the desired switch port.
Many manufacturers of switches offer options on their managed equipment to handle this. Cisco, for example, has "DHCP snooping" that will determine where DHCP messages can come from and "IP Source Guard" that will also prevent traffic from using an IP they didn't obtain from the DHCP server. See http://www.ciscopress.com/articles/article.asp?p=1181682&seqNum=7
HP also does DHCP snooping: http://h40060.www4.hp.com/procurve/uk/en/pdfs/application-notes/AN-S12_ProCurve-DHCP-snooping-final.pdf
... and the remaining vendors of interest will be an exercise for the reader.
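
The DHCP snooping and IP Source Guard behaviour described in the answers above, modelled in Python as an added example (not part of the original posts and not any vendor's implementation). The names `SnoopingSwitch`, `parse_dhcp` and `build`, the port numbers and the addresses are hypothetical, and `build` only produces constructed sample messages.

```python
MAGIC = b"\x63\x82\x53\x63"      # DHCP magic cookie (RFC 2131)
SERVER_TYPES = {2, 5, 6}         # OFFER, ACK, NAK: only servers send these
def parse_dhcp(payload):
    """Return (op, yiaddr, client MAC, message type) from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    yiaddr = ".".join(str(b) for b in payload[16:20])
    mac = payload[28:34].hex(":")
    msg_type, i = None, 240
    while i < len(payload) and payload[i] != 255:     # 255 = end option
        if payload[i] == 0:                           # pad option has no length
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        if payload[i] == 53 and payload[i + 1] == 1:  # option 53 = message type
            msg_type = payload[i + 2]
        i += 2 + payload[i + 1]
    return payload[0], yiaddr, mac, msg_type

class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}     # client MAC -> port its request arrived on
        self.bindings = {}    # client MAC -> (leased IP, port)
    def on_dhcp(self, port, payload):
        """Return True to forward the message, False to drop it."""
        try:
            op, yiaddr, mac, mtype = parse_dhcp(payload)
        except ValueError:
            return port in self.trusted       # malformed: drop on access ports
        if op == 2 or mtype in SERVER_TYPES:  # server-originated message
            if port not in self.trusted:
                return False                  # rogue DHCP server
            if mtype == 5 and mac in self.pending:
                self.bindings[mac] = (yiaddr, self.pending[mac])
            return True
        self.pending[mac] = port              # client DISCOVER/REQUEST
        return True

    def source_guard_ok(self, port, mac, src_ip):  # IP Source Guard check
        return self.bindings.get(mac) == (src_ip, port)

def build(op, mtype, mac, yiaddr="0.0.0.0"):  # constructed sample message
    hdr = bytearray(236)
    hdr[0], hdr[1], hdr[2] = op, 1, 6
    hdr[16:20] = bytes(int(x) for x in yiaddr.split("."))
    hdr[28:34] = bytes.fromhex(mac.replace(":", ""))
    return bytes(hdr) + MAGIC + bytes([53, 1, mtype, 255])
```

Classifying by BOOTP op code and DHCP message type, rather than by UDP port alone, lets client requests pass on every port while server replies are accepted only from the trusted one.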