Simple, never give your clients layer 2 access to your wireless gear like that. There is no need for it, and just causes issues. ☺ just my 2 cents.
Dennis Burgess, CTO, Link Technologies, Inc.
[email protected] – 314-735-0270 – www.linktechs.net

From: Af [mailto:[email protected]] On Behalf Of Eric Muehleisen
Sent: Wednesday, March 11, 2015 10:11 AM
To: [email protected]
Subject: Re: [AFMUG] DHCP backfeed

We run PPPoE and use PPPoE only filters and filter out Bootp server in all CPE gear. To detect rogue clients spewing DHCP around, we uplink a Mikrotik router to an untagged DHCP port in our switch and run the DHCP-Server Alert feature. This way we get an alert when someone plugs their router in backwards. Helps us be more proactive.

On Wed, Mar 11, 2015 at 9:57 AM, Glen Waldrop <[email protected]> wrote:

We NAT as well. Static customers are WDS bridged.

----- Original Message -----
From: "Bill Prince" <[email protected]>
To: <[email protected]>
Sent: Wednesday, March 11, 2015 9:36 AM
Subject: Re: [AFMUG] DHCP backfeed

(1) We NAT most of our SMs (> 96%)
(2) Block DHCP server in the SM

bp
<part15sbs{at}gmail{dot}com>

On 3/11/2015 7:05 AM, Brett A Mansfield wrote:

I’m curious what everyone does to prevent a customer from pulling more than one IP address without using PPPoE, and how do you prevent their router from backfeeding its DHCP server onto your network if they plug in the cable to a LAN port instead of the WAN port?

Thank you,
Brett A Mansfield
Silver Lake Internet
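The rogue-server alerting Eric describes comes down to listening on an untagged port and flagging any DHCP server reply that does not come from a known server. The sketch below is an added example, not code from the thread and not MikroTik's implementation; it matches on the DHCP server identifier (option 54), and the addresses, allow-list and `build_sample` helper are constructed for illustration.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"                # marks a BOOTP payload as DHCP (RFC 2131)
SERVER_ONLY = {2: "OFFER", 5: "ACK", 6: "NAK"}    # option 53 values only a server sends

def parse_options(payload):
    """Walk the TLV options after the 236-byte BOOTP header and 4-byte cookie."""
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                 # end option
            break
        if code == 0:                   # pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(payload):       # truncated: length byte missing
            break
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:         # truncated value: stop parsing
            break
        opts[code] = value
        i += 2 + length
    return opts

def rogue_dhcp_server(payload, valid_servers):
    """Return (server_ip, message_type) for a server reply from a host not in
    valid_servers; None for client traffic, valid servers and non-DHCP data."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    opts = parse_options(payload)
    raw_type = opts.get(53)
    msg_type = raw_type[0] if raw_type else 0
    if payload[0] != 2 or msg_type not in SERVER_ONLY:    # op 2 = BOOTREPLY
        return None
    server_id = opts.get(54, b"")
    ip = socket.inet_ntoa(server_id) if len(server_id) == 4 else "unknown"
    return None if ip in valid_servers else (ip, SERVER_ONLY[msg_type])

def build_sample(op, msg_type, server_ip=None):
    """Constructed test packet: zeroed BOOTP header plus options 53 and 54."""
    pkt = bytes([op, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + bytes([53, 1, msg_type])
    if server_ip:
        pkt += bytes([54, 4]) + socket.inet_aton(server_ip)
    return pkt + b"\xff"

if __name__ == "__main__":
    valid = {"10.0.0.1"}                                  # constructed allow-list
    for pkt in (build_sample(2, 2, "192.168.1.1"),        # customer router on its LAN port
                build_sample(2, 5, "10.0.0.1"),           # the operator's own server
                build_sample(1, 1)):                      # client DISCOVER
        print(rogue_dhcp_server(pkt, valid))
```

In a live deployment the payloads would come from a socket bound to UDP port 68 on the monitoring port; a reply without a usable option 54 is still reported, with the server shown as "unknown".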
