Ryan,
You might look at your switches I know our 3com switches have the option to
DHCP replies from traveling inbound on individual ports, you would set this on
all ports but uplink ports and it should take care of your problem. I would
also only recommend this on peripheral switches not your
Thanks everyone for the quick responses! All of them have been helpful.
Ultimately, I'm looking for a way to prevent them from serving DHCP in
the first place or notify me so I can ban the system from the network
until they fix the issue. I believe the Rogue Detect tool will be very
helpful
Ryan,
This tool is going to be very helpful! We have NAC system that
automatically disables wired ports if DHCP is served on them but I,
obviously, don't want to do that on the wireless AP switchports and I
don't believe I can set up 2 different policies related to this. Having
an email not
Should be easily accomplished by putting filters (ACLs) on the APs
themselves. I know in the aironet 350 days this was possible. Block
bootpserver inbound on the radio side. In fact while you're at it you
may as well block bootpclient outbound on the radio side so that your
legitimate bootpclient b
Ryan Lininger wrote:
> I have been having some issues recently with DHCP on the wireless
> network. It really has been misconfigured laptops running internet
> connection sharing so far (notion malicious) but we have been
> experiencing outages because of it. We are a Cisco Switched environment
>
Ryan,
Not directly related to DHCP...
We have been enabling BPDUgard on Cisco switches, on the Wired side.
At least if people are bridging, it kills the Wired side.
(you don't want to enable BPDU on the Wireless side!)
That fixes bridging.
We also disable manually IPv6 on Vista machines, since i
Ryan,
We have been actively looking for DHCP servers using a script called
Rogue Detect. It periodically sends out DHCP discovers and compares the MAC
address responding against a set of known good DHCP servers. If it finds a
rouge it can email the MAC address along to someone who can shu
Ryan,
In our Cisco/Airespace environment, on each WLAN, we set the DHCP
address assignment to "required". This forces the controller to only
allow traffic to be forwarded for clients that obtained their DHCP lease
from a DHCP server that is behind the controller on our wired
infrastructure. T
I have been having some issues recently with DHCP on the wireless
network. It really has been misconfigured laptops running internet
connection sharing so far (notion malicious) but we have been
experiencing outages because of it. We are a Cisco Switched environment
but our wireless network i