We run PPPoE and use PPPoE only filters and filter out Bootp server in all CPE gear. To detect rogue clients spewing DHCP around, we uplink a Mikrotik router to an untagged DHCP port in our switch and run the DHCP-Server Alert feature. This way we get an alert when someone plugs their router in backwards. Helps us be more proactive.
On Wed, Mar 11, 2015 at 9:57 AM, Glen Waldrop <gwl...@cngwireless.net> wrote: > We NAT as well. > > Static customers are WDS bridged. > > > > > ----- Original Message ----- From: "Bill Prince" <part15...@gmail.com> > To: <af@afmug.com> > Sent: Wednesday, March 11, 2015 9:36 AM > Subject: Re: [AFMUG] DHCP backfeed > > > >> (1) We NAT most of our SMs (> 96%) >> (2) Block DHCP server in the SM >> >> bp >> <part15sbs{at}gmail{dot}com> >> >> On 3/11/2015 7:05 AM, Brett A Mansfield wrote: >> >>> I’m curious what everyone does to prevent a customer from pulling more >>> than one IP address without using PPPoE, and how do you prevent their >>> router from backfeeding it’s DCHP server onto your network if they plug in >>> the cable to a LAN port instead of the WAN port? >>> >>> Thank you, >>> Brett A Mansfield >>> Silver Lake Internet >>> >> >> >> >