Wireless Access

Occasional Contributor II
Posts: 27
Registered: ‎12-11-2013

dhcp snooping and DAI in wireless

I just set up a wireless network for a school using the Aruba 7xxx series. The deployment model is master/local. The clients get their IP addresses from an external DHCP server.

Now the problem I have is that someone is pretending to be a DHCP server in the network; I think it is a DHCP attack. Is there any setting that needs to be enabled on the controller to prevent this from happening?

Many thanks to everyone who can give me some advice.

Guru Elite
Posts: 8,740
Registered: ‎09-08-2010

Re: dhcp snooping and DAI in wireless

If you are using the "logon-control" ACL in your user roles, there is an entry that blocks clients from serving DHCP addresses.

 

logon-control-deny-udp68.png


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 27
Registered: ‎12-11-2013

Re: dhcp snooping and DAI in wireless

Much appreciated... very helpful idea... but is there a way to mitigate a man-in-the-middle attack? I mean that if someone pretends to be the gateway IP address, he will ruin the whole network... Is there any setting on the controller?

Guru Elite
Posts: 8,740
Registered: ‎09-08-2010

Re: dhcp snooping and DAI in wireless

There are two things you can do:

1) Enable "Enforce DHCP" in your AAA profile. This will stop a user from entering the user table if they did not receive their address via DHCP.

2) Add your gateway addresses to the validuser ACL.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 27
Registered: ‎12-11-2013

Re: dhcp snooping and DAI in wireless

OK... I will try it later... thank you very much.

Guru Elite
Posts: 8,740
Registered: ‎09-08-2010

Re: dhcp snooping and DAI in wireless

valid-user-deny-gateway.png

enforce-dhcp.png


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
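
An added example, not part of the thread and not Aruba's own tooling: a Python check that scans an exported controller configuration for the three settings named in the replies above (the logon-control entry blocking UDP 68 and its use in user roles, "Enforce DHCP" in each AAA profile, and a gateway deny in the validuser ACL). The sample configuration, the gateway address 10.1.10.1 and the stanza syntax (assumed to follow ArubaOS 6.x) are constructed for illustration.

```python
# Constructed sample; stanza syntax is assumed to follow an ArubaOS 6.x running-config.
SAMPLE_CONFIG = """\
ip access-list session logon-control
  user any udp 68 deny
!
ip access-list session validuser
  network 169.254.0.0 255.255.0.0 any any deny
  any any any permit
!
user-role guest
  access-list session allowall
!
aaa profile "guest-aaa"
  initial-role guest
"""

def parse_blocks(config):
    """Map each top-level stanza header to its indented child lines."""
    blocks, current = {}, None
    for line in config.splitlines():
        text = line.strip()
        if not text or text == "!":
            continue
        if not line[0].isspace():
            current = blocks.setdefault(text, [])
        elif current is not None:
            current.append(text)
    return blocks

def audit(config, gateways):
    """Return sorted findings for the three controls discussed in the thread."""
    blocks = parse_blocks(config)
    findings = []
    if "user any udp 68 deny" not in blocks.get("ip access-list session logon-control", []):
        findings.append("logon-control: rule blocking client DHCP replies is missing")
    for header, body in blocks.items():
        if header.startswith("user-role ") and "access-list session logon-control" not in body:
            findings.append(f"{header}: logon-control ACL not applied")
        if header.startswith("aaa profile ") and "enforce-dhcp" not in body:
            findings.append(f"{header}: enforce-dhcp not set")
    validuser = blocks.get("ip access-list session validuser", [])
    # Rules are evaluated top-down, so only entries above the catch-all permit count.
    permit_all = "any any any permit"
    cut = validuser.index(permit_all) if permit_all in validuser else len(validuser)
    for gw in gateways:
        if f"host {gw} any any deny" not in validuser[:cut]:
            findings.append(f"validuser: no deny for gateway {gw} before the permit rule")
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG, ["10.1.10.1"])` on the constructed sample reports the guest role, the guest AAA profile and the missing gateway entry.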