also block DHCP servers
on our canopy access points.
- Original Message -
*From:* Dave mailto:dmilho...@wletc.com
*To:* af@afmug.com mailto:af@afmug.com
*Sent:* Wednesday, March 11, 2015 9:44 AM
*Subject:* Re: [AFMUG] DHCP backfeed
Almost forgot make sure
that problem. We also block DHCP servers
on our canopy access points.
- Original Message -
*From:* Dave mailto:dmilho...@wletc.com
*To:* af@afmug.com mailto:af@afmug.com
*Sent:* Wednesday, March 11, 2015 9:44 AM
*Subject:* Re: [AFMUG] DHCP backfeed
Almost forgot make
We NAT as well.
Static customers are WDS bridged.
- Original Message -
From: Bill Prince part15...@gmail.com
To: af@afmug.com
Sent: Wednesday, March 11, 2015 9:36 AM
Subject: Re: [AFMUG] DHCP backfeed
(1) We NAT most of our SMs ( 96%)
(2) Block DHCP server in the SM
bp
Subject: Re: [AFMUG] DHCP backfeed
(1) We NAT most of our SMs ( 96%)
(2) Block DHCP server in the SM
bp
part15sbs{at}gmail{dot}com
On 3/11/2015 7:05 AM, Brett A Mansfield wrote:
I’m curious what everyone does to prevent a customer from pulling more
than one IP address without using
To: af@afmug.com
Subject: Re: [AFMUG] DHCP backfeed
We run PPPoE and use PPPoE only filters and filter out Bootp server in all CPE
gear. To detect rogue clients spewing DHCP around, we uplink a Mikrotik router
to an untagged DHCP port in our switch and run the DHCP-Server Alert feature
cents.
Dennis Burgess, CTO, Link Technologies, Inc.
den...@linktechs.net – 314-735-0270 – www.linktechs.net
*From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Eric Muehleisen
*Sent:* Wednesday, March 11, 2015 10:11 AM
*To:* af@afmug.com
*Subject:* Re: [AFMUG] DHCP backfeed
We
: Wednesday, March 11, 2015 10:34 AM
To: af@afmug.com
Subject: Re: [AFMUG] DHCP backfeed
I don't know if you caught it, but we use PPPoE. Again, we use PPPoE.
On Wed, Mar 11, 2015 at 10:28 AM, Dennis Burgess
dmburg...@linktechs.netmailto:dmburg...@linktechs.net wrote:
Simple, never give your clients
://www.linktechs.net
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Eric Muehleisen
Sent: Wednesday, March 11, 2015 10:11 AM
To: af@afmug.com
Subject: Re: [AFMUG] DHCP backfeed
We run PPPoE and use PPPoE only filters and filter out Bootp server in all CPE
gear. To detect rogue clients spewing DHCP around
: Wednesday, March 11, 2015 7:05 AM
To: af@afmug.com
Subject: [AFMUG] DHCP backfeed
I’m curious what everyone does to prevent a customer from pulling more than one
IP address without using PPPoE, and how do you prevent their router from
backfeeding it’s DCHP server onto your network if they plug
Turn on NAT and let them have as many IPs as they want.
-Original Message-
From: Brett A Mansfield
Sent: Wednesday, March 11, 2015 8:05 AM
To: af@afmug.com
Subject: [AFMUG] DHCP backfeed
I’m curious what everyone does to prevent a customer from pulling more than
one IP address
If nobody else has mentioned it, translation bridging is what will do this as
well.
-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Wednesday, March 11, 2015 10:52 AM
To: af@afmug.com
Subject: Re: [AFMUG] DHCP backfeed
DHCP:
On Canopy go
Without NAT you have to drop DHCP port 67 incoming from the customer to
kill rogue DHCP servers there. As for only pulling one IP, there is not a
widely adopted method to manage this. It is a pain in my ass too.
-Ty
On Wed, Mar 11, 2015 at 9:05 AM, Brett A Mansfield
br...@silverlakeinternet.com
(1) We NAT most of our SMs ( 96%)
(2) Block DHCP server in the SM
bp
part15sbs{at}gmail{dot}com
On 3/11/2015 7:05 AM, Brett A Mansfield wrote:
I’m curious what everyone does to prevent a customer from pulling more than one
IP address without using PPPoE, and how do you prevent their router
Well you can manage it with Radius and Static DHCP assignments but then you
have to have a way for the customer to register their router/PC MAC address
with your radius server.
-Ty
On Wed, Mar 11, 2015 at 9:34 AM, Ty Featherling tyfeatherl...@gmail.com
wrote:
Without NAT you have to drop DHCP
In cambium subs under protocol filtering just check box bootp server in
any mode
On 03/11/2015 09:05 AM, Brett A Mansfield wrote:
I’m curious what everyone does to prevent a customer from pulling more than one
IP address without using PPPoE, and how do you prevent their router from
Almost forgot make sure the upstream check box is checked and downstream
unchecked
On 03/11/2015 09:05 AM, Brett A Mansfield wrote:
I’m curious what everyone does to prevent a customer from pulling more than one
IP address without using PPPoE, and how do you prevent their router from
DHCP:
On Canopy go to filters, check uplink and bootp server.
On most others make a firewall rule dropping port 67
I would also say it's safe and desirable to drop multicast traffic and
rate limit broadcast traffic. both of which are built-in features
on Canopy.
Limiting to one IP in
I’m curious what everyone does to prevent a customer from pulling more than one
IP address without using PPPoE, and how do you prevent their router from
backfeeding it’s DCHP server onto your network if they plug in the cable to a
LAN port instead of the WAN port?
Thank you,
Brett A Mansfield
18 matches
Mail list logo
