The reason why I think this might not be sufficient is this: If you disable later DHCP proxy for any reason, then DHCP requests are relayed to the wired network, no matter what DHCP IP address you enter in the SSID config. So blocking with an ACL is the only way to be completely sure?
Regards Stefan Von: Stalder Dominic [mailto:[email protected]] Gesendet: Dienstag, 21. Dezember 2010 16:59 An: Stefan Angerer; Raul Manzano; [email protected] Betreff: Re: [CCIE Wireless] Doubts about labs 3 and 4 of workbook 1. > - Ensure that any client does not get an IP via DHCP As you Raul Manzano said correctly, you can disable DHCP Addr. Required AND set the IP adress of the DHCP override in the WLAN to 0.0.0.0, then all the DHCP packets are discarded by the controller. This is because the WLAN override - as it says - overrides the per-interface settings. You can find this in the WLC 4.2 configuration guide on 6-7. Regards Dominic ________________________________ Von: Stefan Angerer <[email protected]> Datum: Tue, 21 Dec 2010 14:34:47 +0000 An: Raul Manzano <[email protected]>, "[email protected]" <[email protected]> Betreff: Re: [CCIE Wireless] Doubts about labs 3 and 4 of workbook 1. - I think disabling aironet extensions makes sure that any non cisco device can connect - I guess the only way to be sure DHCP is not used is applying an ACL to the specific SSID appreciate any other opinions on this :) so long Stefan Von: [email protected] [mailto:[email protected]] Im Auftrag von Raul Manzano Gesendet: Dienstag, 21. Dezember 2010 15:10 An: [email protected] Betreff: [CCIE Wireless] Doubts about labs 3 and 4 of workbook 1. Hi guys. Working with the material of lab workbook 1 from ipexpert I come up several doubts, I hope someone can help me. - In some tasks it is required that any non-cisco device can not connect to the ssid; I´m suppose they are talking about to enable client MFP since both Cisco ip phone 7921G and CB21 devices are CCX v5 compliant devices; this taks normaly is required for exclusive Cisco´s 7921 voice-ready ssid. Am i right?? - Ensure that any client does not get an IP via DHCP: I can think of two ways; the first one is uncheck the both box in advanced tab in the SSID configuration ( DHCP required and override dhcp) but this one does not ensure against any change at the interface level; the second one is to use an IP for a non-existent DHCP server in the box "override dhcp"; In this way, ensure that any change made at the interface level about the DHCP server can not affect me and the clients can not use any DHCP server to obtain an IP. Best Regards. ________________________________ _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com<http://www.ipexpert.com>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
