Ryan Lininger wrote: > I have been having some issues recently with DHCP on the wireless > network. It really has been misconfigured laptops running internet > connection sharing so far (notion malicious) but we have been > experiencing outages because of it. We are a Cisco Switched environment > but our wireless network is a Cisco and 5G network with a bluesocket > captive portal. I have DHCP snooping running on all the switches in our > environment that can run it but that is the only way that I have been > able to battle this issue. Everything else is manually hunt done the > culprit and meet with them to fix their machine. > > I would like to know how others have been battling the problem of rogue > systems serving DHCP on their wireless network? I wouldn't mind hearing > how people have battled this problem on the wired network either (these > solutions may port over). > > Any help is appreciated. > > Ryan. >
We get these in the dorms periodically, when a student who doesn't know the difference between a hub, a switch, an AP, and a router starts plugging things in wrong. The usual approach on the wired side is just to find someone who got an invalid address from the rogue server (they're usually on the other end of the Help Desk phone line) and check the ARP cache on their machine to get the MAC correlating to the IP that handed them an address. Then we check the centralized collection of CAM tables from our Cisco switches to find the port that they're plugged into and shut it off. --Matt -- Matt Gracie (716) 888-2403 Information Security Administrator [EMAIL PROTECTED] Canisius College ITS 425531N / 0785109W http://www2.canisius.edu/~graciem/graciem_public_key.gpg ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
