Ryan,
This tool is going to be very helpful! We have a NAC system that
automatically disables wired ports if DHCP is served on them but I,
obviously, don't want to do that on the wireless AP switchports and I
don't believe I can set up 2 different policies related to this. Having
an email notification will be most helpful at the moment and this tool
will do that.
Thanks,
Ryan.
Ryan Lininger
Network Systems Engineer
Denison University
p 740.587.6229
f 740.587.5722
[EMAIL PROTECTED]
Ryan Bays wrote:
Ryan,
We have been actively looking for DHCP servers using a script called
Rogue Detect. It periodically sends out DHCP discovers and compares the MAC
address responding against a set of known good DHCP servers. If it finds a
rogue it can email the MAC address along to someone who can shut it down.
You can find Rogue Detect at https://roguedetect.bountysource.com/. I have
ours running on a single Gentoo box with an 802.1q trunk carrying each of my
dorm subnets and an instance of the script running on each. It doesn't stop
them from sending out DHCP addresses, but it does help track them down
quickly.
Best Regards,
Ryan Bays
Network Services Analyst
Angelo State University
(325)486-6220
-----Original Message-----
From: Ryan Lininger [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 30, 2007 10:26 AM
To: [email protected]
Subject: [WIRELESS-LAN] Rogue DHCP on wireless network
I have been having some issues recently with DHCP on the wireless network.
It really has been misconfigured laptops running internet connection sharing
so far (nothing malicious) but we have been experiencing outages because of
it. We are a Cisco Switched environment but our wireless network is a Cisco
and 5G network with a bluesocket captive portal. I have DHCP snooping
running on all the switches in our environment that can run it but that is
the only way that I have been able to battle this issue. Everything else is
manually hunt down the culprit and meet with them to fix their machine.
I would like to know how others have been battling the problem of rogue
systems serving DHCP on their wireless network? I wouldn't mind hearing how
people have battled this problem on the wired network either (these
solutions may port over).
Any help is appreciated.
Ryan.
--
Ryan Lininger
Network Systems Engineer
Denison University
p 740.587.6229
f 740.587.5722
[EMAIL PROTECTED]
**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.
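
The check Ryan Bays describes in this thread (compare whoever answers a DHCP discover against a list of known good servers) can be sketched as follows. This is an added example, not code from Rogue Detect or from anyone in the thread; it assumes the replies have already been captured as (source MAC, UDP payload) pairs, and every function name, MAC and IP address in it is constructed for illustration.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_dhcp(payload):
    """Return (message type, server identifier, offered address) from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    msg_type = opts[53][0] if opts.get(53) else 0  # option 53 = DHCP message type
    server = str(ipaddress.IPv4Address(opts[54])) if len(opts.get(54, b"")) == 4 else None
    return msg_type, server, str(ipaddress.IPv4Address(payload[16:20]))  # yiaddr

def find_rogues(replies, known_good_macs):
    """replies: (source MAC, UDP payload) pairs seen after a discover.
    Returns one record per OFFER/ACK whose sender is not on the allowlist."""
    good = {m.lower() for m in known_good_macs}
    rogues = []
    for mac, payload in replies:
        try:
            msg_type, server, offered = parse_dhcp(payload)
        except ValueError:
            continue  # malformed reply: skip it rather than crash the monitor
        if msg_type in (2, 5) and mac.lower() not in good:  # 2 = OFFER, 5 = ACK
            rogues.append({"mac": mac.lower(), "server_id": server, "offered": offered})
    return rogues

def build_offer(server_ip, offered_ip):
    """Constructed sample: a minimal DHCPOFFER payload for the demo data below."""
    hdr = bytearray(236)
    hdr[0] = 2  # op = BOOTREPLY
    hdr[16:20] = ipaddress.IPv4Address(offered_ip).packed
    opts = b"\x35\x01\x02" + b"\x36\x04" + ipaddress.IPv4Address(server_ip).packed + b"\xff"
    return bytes(hdr) + MAGIC + opts

# Constructed data: one allowlisted server, one laptop answering as a DHCP server, one junk frame
KNOWN_GOOD = ["00:11:22:33:44:55"]
SAMPLE = [("00:11:22:33:44:55", build_offer("10.0.0.2", "10.0.1.50")),
          ("02:AA:BB:CC:DD:EE", build_offer("192.168.0.1", "192.168.0.23")),
          ("02:aa:bb:cc:dd:ee", b"\x00" * 10)]
```

The records returned by find_rogues(SAMPLE, KNOWN_GOOD) carry the MAC address, the server identifier and the offered address, which is what an email alert would need in order to trace the machine to a switchport or access point.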