Frequent Contributor I
Posts: 65
Registered: ‎09-29-2010

DHCP server off an 93H

So I probably am missing something easy here, but we have several 93H access points deployed in our network and it appears a user plugged a home router incorrectly into the 4-port switch, causing a rogue DHCP to appear on the network. I applied a security policy:

user to [network effected] with svc-dhcp deny

Is there a more effective way to block these DHCP requests or am I going down the correct path?

Thanks!

Guru Elite
Posts: 20,768
Registered: ‎03-29-2007

Re: DHCP server off an 93H

Here is the ACL:

user any udp 68 deny

Make sure your port is untrusted and make sure the initial role in the AAA profile attached to that wired port has that ACL at the top.



Colin Joseph
Aruba Customer Engineering


Frequent Contributor II
Posts: 113
Registered: ‎11-27-2012

Re: DHCP server off an 93H

The reason cjoseph's answer is better than using the svc-dhcp option is that the svc-dhcp blocks both UDP 67 and UDP 68.

You only want to block UDP 68. This way you allow DHCP discovery from users but not DHCP offers. You want the users to be able to obtain an IP ;)

The more effective way than what cjoseph describes would be to walk over to the user and confiscate his Home Router :P

-----------------------------------
-ACMX #352-
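The difference between the two rules discussed in this thread, as an added example that is not part of any post: a first-match check on destination UDP port, run over constructed DHCP messages arriving on an untrusted wired port. The rule tuples, the helper names and the assumption that unmatched traffic is permitted by a later rule in the role are illustrative and are not ArubaOS code.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def build_dhcp(op, msg_type):
    """Constructed sample payload: BOOTP header, cookie, option 53, end option."""
    header = struct.pack("!BBBB", op, 1, 6, 0) + b"\x00" * 232
    return header + MAGIC + bytes([53, 1, msg_type, 255])

def dhcp_type(payload):
    """Walk the options field and return the option 53 message type name."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                              # truncated option
        length = payload[i + 1]
        if payload[i] == 53 and length == 1 and i + 2 < len(payload):
            return TYPES.get(payload[i + 2], "OTHER")
        i += 2 + length
    return None

# Hypothetical rule model: (lowest dst port, highest dst port, action).
NARROW = [(68, 68, "deny")]   # user any udp 68 deny
BROAD = [(67, 68, "deny")]    # svc-dhcp deny, covering both ports as the thread describes

def verdict(rules, dst_port):
    """First matching rule wins; unmatched traffic is assumed permitted later in the role."""
    for low, high, action in rules:
        if low <= dst_port <= high:
            return action
    return "permit"

# Constructed frames entering an untrusted wired port: (destination UDP port, payload).
# Clients send to port 67; a DHCP server on the user side replies to port 68.
FRAMES = [(67, build_dhcp(1, 1)), (68, build_dhcp(2, 2)),
          (67, build_dhcp(1, 3)), (68, build_dhcp(2, 5))]

def evaluate(rules):
    return {dhcp_type(payload): verdict(rules, dst) for dst, payload in FRAMES}

if __name__ == "__main__":
    for name, rules in (("udp 68 deny", NARROW), ("svc-dhcp deny", BROAD)):
        print(name, evaluate(rules))
```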
Frequent Contributor I
Posts: 65
Registered: ‎09-29-2010

Re: DHCP server off an 93H

That is in the works - but it is a new deployment and until everything is fully set up we are being a little nice. Things will be harder for them once they have to authenticate on the wire too...
