Should be easily accomplished by putting filters (ACLs) on the APs themselves. I know in the aironet 350 days this was possible. Block bootpserver inbound on the radio side. In fact while you're at it you may as well block bootpclient outbound on the radio side so that your legitimate bootpclient broadcasts don't go out the radio saving a little bandwidth.
_________________________ Thank you, Gregory R. Scholz Director of Telecommunications Information Technology Group Keene State College (603)358-2070 --Lead, follow, or get out of the way. (author unknown) -----Original Message----- From: Fred Archibald [mailto:[EMAIL PROTECTED] Sent: Thursday, August 30, 2007 11:46 AM To: [email protected] Subject: Re: [WIRELESS-LAN] Rogue DHCP on wireless network Ryan, In our Cisco/Airespace environment, on each WLAN, we set the DHCP address assignment to "required". This forces the controller to only allow traffic to be forwarded for clients that obtained their DHCP lease from a DHCP server that is behind the controller on our wired infrastructure. This feature has worked very well for us in EECS. I believe this will work for you. Fred Ryan Lininger wrote: > I have been having some issues recently with DHCP on the wireless > network. It really has been misconfigured laptops running internet > connection sharing so far (notion malicious) but we have been > experiencing outages because of it. We are a Cisco Switched > environment but our wireless network is a Cisco and 5G network with a > bluesocket captive portal. I have DHCP snooping running on all the > switches in our environment that can run it but that is the only way > that I have been able to battle this issue. Everything else is > manually hunt done the culprit and meet with them to fix their machine. > > I would like to know how others have been battling the problem of > rogue systems serving DHCP on their wireless network? I wouldn't mind > hearing how people have battled this problem on the wired network > either (these solutions may port over). > > Any help is appreciated. > > Ryan. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
