Hello.
Quick question to the devs.
We usually do not give a client level 2 access to the network, as a rule the cpe is in router mode.
We run a pretty flat Network with lots of isolation ( thank you netonix ) and some firewall rules. No router on towers yet.
But we have a couple of special cases where we had to send the cable down to the client’s site bridged. This is basically a time bomb , waiting to be plugged in the wrong place and sending dhcp up the network.
So I found this post.
viewtopic.php?f=17&t=971&p=8168&hilit=DHCP+Snooping#p8168
Can we use this to prevent a rogue dhcp server from sending its leases back on to our network?
We would do static ip on those cases.
All ideas pointers and suggestions are welcomed.
Ps congrats on your hardware !
Prevent rouge DHCP with DS?
-
Stephen - Employee
- Posts: 1034
- Joined: Sun Dec 24, 2017 8:56 pm
- Has thanked: 85 times
- Been thanked: 182 times
Re: Prevent rouge DHCP with DS?
From the link you posted:
So, for your purposes, if you are connecting one of our switches to a client's site bridge. Simply enable DHCP Snooping on the connected port and it will block any unwanted DHCP server's on the client side for you.
We "currently" just have a simple form of DHCP snooping implemented with no configurable settings which basically prevents a DHCP server from being able to advertise or hand out leases into and through those ports with DHCP Snooping enabled on them to the rest of the ports on that switch.
So, for your purposes, if you are connecting one of our switches to a client's site bridge. Simply enable DHCP Snooping on the connected port and it will block any unwanted DHCP server's on the client side for you.
2 posts
Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 112 guests