Prevent rouge DHCP with DS?
Posted: Sat May 18, 2019 11:02 pm
Hello.
Quick question to the devs.
We usually do not give a client level 2 access to the network, as a rule the cpe is in router mode.
We run a pretty flat Network with lots of isolation ( thank you netonix ) and some firewall rules. No router on towers yet.
But we have a couple of special cases where we had to send the cable down to the client’s site bridged. This is basically a time bomb , waiting to be plugged in the wrong place and sending dhcp up the network.
So I found this post.
viewtopic.php?f=17&t=971&p=8168&hilit=DHCP+Snooping#p8168
Can we use this to prevent a rogue dhcp server from sending its leases back on to our network?
We would do static ip on those cases.
All ideas pointers and suggestions are welcomed.
Ps congrats on your hardware !
Quick question to the devs.
We usually do not give a client level 2 access to the network, as a rule the cpe is in router mode.
We run a pretty flat Network with lots of isolation ( thank you netonix ) and some firewall rules. No router on towers yet.
But we have a couple of special cases where we had to send the cable down to the client’s site bridged. This is basically a time bomb , waiting to be plugged in the wrong place and sending dhcp up the network.
So I found this post.
viewtopic.php?f=17&t=971&p=8168&hilit=DHCP+Snooping#p8168
Can we use this to prevent a rogue dhcp server from sending its leases back on to our network?
We would do static ip on those cases.
All ideas pointers and suggestions are welcomed.
Ps congrats on your hardware !