Ryan,
 
You might look at your switches; I know our 3com switches have the option to 
block DHCP replies from traveling inbound on individual ports. You would set this on 
all ports but uplink ports and it should take care of your problem.  I would 
also only recommend this on peripheral switches, not your core switches.
 
Michael H. Bean
PC Technician 
Information Services
University of Saint Mary
4100 South 4th Street
Leavenworth, KS  66048
682-5151 ext. 6999
Email:  [EMAIL PROTECTED] 

>>> Ryan Lininger <[EMAIL PROTECTED]> 8/30/2007 2:48 PM >>>
Thanks everyone for the quick responses!  All of them have been helpful.

Ultimately, I'm looking for a way to prevent them from serving DHCP in 
the first place or notify me so I can ban the system from the network 
until they fix the issue.  I believe the Rogue Detect tool will be very 
helpful and I like the idea of a layer 2 ACL on the APs themselves to 
prevent the request/response from happening in the wrong direction.  I 
also will consider BPDUguard.  We currently follow the ARP table 
reference/manual lookup method mentioned in another email but we are 
trying to get out of that business and automate/prevent the 
occurrences.  We also, currently, have an "assignment required" like 
setting on our bluesocket gateway that prevents any addresses from using 
the network unless they are assigned by our DHCP servers.  This, 
however, doesn't prevent the DOS situation created by a student serving 
their own DHCP.

Thanks again for everyone's help!  If people have more ideas please keep 
them coming.

Thanks,
Ryan.

Fred Archibald wrote:
> Ryan,
> In our Cisco/Airespace environment, on each WLAN, we set the DHCP 
> address assignment to "required".  This forces the controller to only 
> allow traffic to be forwarded for clients that obtained their DHCP 
> lease from a DHCP server that is behind the controller on our wired 
> infrastructure. This feature has worked very well for us in EECS. I 
> believe this will work for you.
> Fred
>
> Ryan Lininger wrote:
>> I have been having some issues recently with DHCP on the wireless 
>> network.  It really has been misconfigured laptops running internet 
>> connection sharing so far (nothing malicious) but we have been 
>> experiencing outages because of it.  We are a Cisco Switched 
>> environment but our wireless network is a Cisco and 5G network with a 
>> bluesocket captive portal.  I have DHCP snooping running on all the 
>> switches in our environment that can run it but that is the only way 
>> that I have been able to battle this issue.  Everything else is 
>> manually hunt down the culprit and meet with them to fix their machine.
>>
>> I would like to know how others have been battling the problem of 
>> rogue systems serving DHCP on their wireless network?  I wouldn't 
>> mind hearing how people have battled this problem on the wired 
>> network either (these solutions may port over).
>>
>> Any help is appreciated.
>>
>> Ryan.
>>
>
> **********
> Participation and subscription information for this EDUCAUSE 
> Constituent Group discussion list can be found at 
> http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.
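
Added example, not part of the thread or any poster's code: one way to get the notification asked for above is to inspect DHCP payloads seen on the client segment and alert on server replies (OFFER/ACK/NAK) from any address outside an allowlist. The allowlist address, the function names and the sample packets are assumptions constructed for illustration; capturing the UDP payload, source IP and source MAC is left to whatever sniffer or span port feeds it.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie after the BOOTP header
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only servers send
AUTHORIZED = {"10.0.0.5"}                        # assumed allowlist (add relay agents too)

def parse_options(data):
    """Walk the code/length/value option field and return {code: value}."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:      # 255 = end of options
        if data[i] == 0:                         # 0 = pad, a single byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts

def check_reply(payload, src_ip, src_mac):
    """Return an alert dict for a server reply from an unlisted server, else None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None                              # not a BOOTREPLY carrying DHCP
    try:
        opts = parse_options(payload[240:])
    except ValueError:
        return None                              # malformed options: ignore here
    mtype = opts.get(53, b"")
    if len(mtype) != 1 or mtype[0] not in SERVER_TYPES:
        return None
    sid = opts.get(54, b"")                      # option 54 = server identifier
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else src_ip
    if server in AUTHORIZED and src_ip in AUTHORIZED:
        return None
    return {"type": SERVER_TYPES[mtype[0]], "server": server,
            "src_ip": src_ip, "src_mac": src_mac,  # MAC identifies the machine to track down
            "offered": str(ipaddress.IPv4Address(payload[16:20]))}

def build_reply(mtype, server_id, yiaddr):
    """Constructed sample: minimal BOOTREPLY with options 53 and 54."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0)
    hdr += b"\x00" * 4 + ipaddress.IPv4Address(yiaddr).packed + b"\x00" * 8
    hdr += bytes(16) + bytes(64) + bytes(128)    # chaddr, sname, file
    opts = bytes([53, 1, mtype, 54, 4]) + ipaddress.IPv4Address(server_id).packed
    return hdr + MAGIC + opts + b"\xff"

if __name__ == "__main__":
    rogue = build_reply(2, "192.168.137.1", "192.168.137.50")  # constructed rogue offer
    print(check_reply(rogue, "192.168.137.1", "00:11:22:33:44:55"))
```

The returned source MAC is what a switch's MAC address table or the wireless controller's client list would be searched for to locate the offending port or association.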
