Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

DHCP server off an 93H

  • 1.  DHCP server off an 93H

    Posted Aug 22, 2013 10:54 AM

    So I probably am missing something easy here, but we have several 93H access points deployed in our network and it appears a user plugged a home router incorrectly into the 4-port switch, causing a rogue DHCP to appear on the network.  I applied a security policy:

    user to [network effected] with svc-dhcp deny

     

    Is there a more effective way to block these DHCP requests or am I going down the correct path?

     

    Thanks!



  • 2.  RE: DHCP server off an 93H
    Best Answer

    EMPLOYEE
    Posted Aug 22, 2013 11:37 AM

    Here is the ACL:

     

    user any udp 68  deny 

    Make sure your port is untrusted and make sure the initial role in the AAA profile attached to that wired port has that ACL at the top.



  • 3.  RE: DHCP server off an 93H

    Posted Aug 23, 2013 04:59 AM

    The reason cjoseph's answer is better than using the svc-dhcp option is that svc-dhcp blocks both UDP 67 and UDP 68.

    You only want to block UDP 68. This way you allow DHCP discovery from users but not DHCP offers. You want the users to be able to obtain an IP ;)

     

    The more effective way than what cjoseph describes would be to walk over to the user and confiscate his home router :smileytongue:
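
An added illustration of the UDP 67 versus UDP 68 point above (not part of any post in this thread and not Aruba code): a small first-match policy model run against constructed packets entering the untrusted wired port. Assumptions: the port in each rule is matched as the destination port, `svc-dhcp` covers UDP 67 and 68 as stated in the thread, and the rest of the role permits other traffic.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    desc: str
    proto: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    proto: Optional[str]            # None matches any protocol
    dst_ports: Optional[frozenset]  # None matches any destination port
    action: str

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in (None, pkt.proto)
                and (self.dst_ports is None or pkt.dst_port in self.dst_ports))

# Assumed remainder of the role: everything else is permitted.
PERMIT_REST = Rule(None, None, "permit")
# "user any udp 68 deny": only traffic addressed to the DHCP client port.
UDP68_DENY = [Rule("udp", frozenset({68}), "deny"), PERMIT_REST]
# "svc-dhcp deny": per the thread, covers both UDP 67 and UDP 68.
SVC_DHCP_DENY = [Rule("udp", frozenset({67, 68}), "deny"), PERMIT_REST]

# Constructed packets as they would arrive from devices on the user port.
SAMPLE = [
    Packet("client DHCPDISCOVER", "udp", 68, 67),
    Packet("client DHCPREQUEST", "udp", 68, 67),
    Packet("home-router DHCPOFFER", "udp", 67, 68),
    Packet("home-router DHCPACK", "udp", 67, 68),
    Packet("client DNS query", "udp", 49152, 53),
]

def evaluate(rules, pkt):
    """Return the action of the first matching rule; implicit deny otherwise."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

def verdicts(rules, packets=SAMPLE):
    return {p.desc: evaluate(rules, p) for p in packets}

if __name__ == "__main__":
    for name, rules in (("udp 68 deny", UDP68_DENY), ("svc-dhcp deny", SVC_DHCP_DENY)):
        print(name)
        for desc, action in verdicts(rules).items():
            print(f"  {desc:24} {action}")
```

With the UDP 68 rule, server replies sourced from the user port are dropped while client requests to port 67 still pass; with the 67-and-68 rule, the clients' own requests are dropped as well.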



  • 4.  RE: DHCP server off an 93H

    Posted Aug 23, 2013 10:58 AM

    That is in the works - but it is a new deployment and until everything is fully setup we are being a little nice.  Things will be harder for them once they have to authenticate on the wire too...