Thanks everyone for the quick responses! All of them have been helpful.
Ultimately, I'm looking for a way to prevent them from serving DHCP in
the first place or notify me so I can ban the system from the network
until they fix the issue. I believe the Rogue Detect tool will be very
helpful and I like the idea of a layer 2 ACL on the APs themselves to
prevent the request/response from happening in the wrong direction. I
also will consider BPDUguard. We currently follow the ARP table
reference/manual lookup method mentioned in another email but we are
trying to get out of that business and automate/prevent the
occurrences. We also, currently, have an "assignment required" like
setting on our Bluesocket gateway that prevents any addresses from using
the network unless they are assigned by our DHCP servers. This,
however, doesn't prevent the DOS situation created by a student serving
their own DHCP.
Thanks again for everyone's help! If people have more ideas please keep
them coming.
Thanks,
Ryan.

Fred Archibald wrote:
Ryan,
In our Cisco/Airespace environment, on each WLAN, we set the DHCP
address assignment to "required". This forces the controller to only
allow traffic to be forwarded for clients that obtained their DHCP
lease from a DHCP server that is behind the controller on our wired
infrastructure. This feature has worked very well for us in EECS. I
believe this will work for you.
Fred

Ryan Lininger wrote:
I have been having some issues recently with DHCP on the wireless
network. It really has been misconfigured laptops running internet
connection sharing so far (nothing malicious) but we have been
experiencing outages because of it. We are a Cisco Switched
environment but our wireless network is a Cisco and 5G network with a
Bluesocket captive portal. I have DHCP snooping running on all the
switches in our environment that can run it but that is the only way
that I have been able to battle this issue. Everything else is
manually hunt down the culprit and meet with them to fix their machine.
I would like to know how others have been battling the problem of
rogue systems serving DHCP on their wireless network? I wouldn't
mind hearing how people have battled this problem on the wired
network either (these solutions may port over).
Any help is appreciated.
Ryan.
**********
Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
**********
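
Added example, not part of any message in this thread: one way to automate the "notify me" step is to inspect DHCP server replies seen by a sensor and flag any whose server identifier (option 54) is not a sanctioned server. The authorized address, MAC addresses and sample packets are constructed placeholders, and the code assumes it is handed the UDP payload of traffic sent to port 68.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"              # marks the start of DHCP options
REPLY_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only servers send
# Assumption: placeholder address standing in for the sanctioned DHCP server.
AUTHORIZED_SERVERS = {ipaddress.IPv4Address("192.0.2.10")}

def parse_options(data):
    """Walk the code/length/value options that follow the magic cookie."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:     # 255 = End
        if data[i] == 0:                        # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(data):                  # truncated option header
            break
        length = data[i + 1]
        opts[data[i]] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def check_reply(payload, src_mac):
    """Return an alert dict for a server reply from an unlisted server, else None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None                             # not a BOOTREPLY carrying DHCP options
    opts = parse_options(payload[240:])
    msg_type = opts.get(53, b"")                # option 53 = DHCP message type
    if len(msg_type) != 1 or msg_type[0] not in REPLY_TYPES:
        return None
    sid = opts.get(54, b"")                     # option 54 = server identifier
    server = ipaddress.IPv4Address(sid) if len(sid) == 4 else None
    if server in AUTHORIZED_SERVERS:
        return None
    return {"type": REPLY_TYPES[msg_type[0]],
            "server": str(server) if server else None,
            "src_mac": src_mac}

def build_reply(msg_type, server_ip):
    """Constructed sample: a minimal BOOTREPLY payload for the demo below."""
    fixed = bytes([2, 1, 6, 0]) + bytes(232)    # op/htype/hlen/hops, rest zeroed
    sid = ipaddress.IPv4Address(server_ip).packed
    return fixed + MAGIC_COOKIE + bytes([53, 1, msg_type, 54, 4]) + sid + b"\xff"

if __name__ == "__main__":
    # Constructed traffic: a reply from the sanctioned server, then one from an unlisted host.
    for ip, mac in [("192.0.2.10", "00:00:5e:00:53:01"),
                    ("192.168.137.1", "00:00:5e:00:53:aa")]:
        print(check_reply(build_reply(2, ip), mac))
```

The source MAC in the alert is what gets looked up against the switch or controller client table to find and block the offending device.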