Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

how to stop rogue DHCP in the network

  • 1.  how to stop rogue DHCP in the network

    Posted Mar 24, 2015 03:01 AM

    Hi,

     

    How can I stop rogue DHCP in the wired & wireless network?

     

    Thanks in advance..



  • 2.  RE: how to stop rogue DHCP in the network
    Best Answer

    EMPLOYEE
    Posted Mar 24, 2015 03:39 AM

    On the wireless you put a rule in like this.

     

    user any udp 68 deny
    any any svc-dhcp permit

     

     



  • 3.  RE: how to stop rogue DHCP in the network
    Best Answer

    Posted Mar 24, 2015 06:01 AM

    And for the wired part - make sure that the VLAN you would like to protect is passing through your controller,

    and assign an ACL role to that VLAN; it will do the trick (user > any > udp 68 deny). Don't forget it will make your VLAN not trusted, so you will need to build a full ACL with allowed services.

    *You may also create an ACL for a specific PORT*

     

    Read here for more info:

    http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-configure-a-port-or-a-VLAN-to-be-trusted-or-untrusted/ta-p/187924



  • 4.  RE: how to stop rogue DHCP in the network

    Posted Mar 24, 2015 06:44 AM

    Hi,

     

    If you look at the "logon-control" inbuilt policy in the Aruba box, the first line is to stop DHCP server traffic from the client. "User any UDP 68 deny" means any traffic from a wireless client with dest port UDP 68 should be denied. Hence any client working as a rogue DHCP will be blocked.

     

    For your ref :

    Logon-Control1.JPG

    Hope you got some more clarity on this.
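
Added example, not part of any post in this thread and not Aruba code: a small first-match model of the two rules from reply 2, run over constructed packets, showing why the deny line has to come before the svc-dhcp permit. Assumptions: svc-dhcp is modelled as UDP ports 67-68, "user" is modelled as "the sender is the client the role is applied to", and the ACL ends in an implicit deny; Packet, RULES and evaluate are hypothetical names.

```python
from dataclasses import dataclass

# Assumption: svc-dhcp covers UDP 67 and 68 (simplified model of the alias).
SVC_DHCP = {67, 68}


@dataclass(frozen=True)
class Packet:
    src_is_user: bool  # True when the sender is the client holding the role
    proto: str         # "udp" or "tcp"
    dst_port: int


# (source, protocol, destination ports, action), in the order given in reply 2.
RULES = [
    ("user", "udp", {68}, "deny"),         # user any udp 68 deny
    ("any", "udp", SVC_DHCP, "permit"),    # any any svc-dhcp permit
]


def evaluate(pkt, rules=RULES):
    """Return the action of the first matching rule (top-down evaluation)."""
    for src, proto, ports, action in rules:
        if src == "user" and not pkt.src_is_user:
            continue  # a "user" rule only matches traffic sent by the client
        if proto == pkt.proto and pkt.dst_port in ports:
            return action
    return "deny"  # assumption: implicit deny when nothing matches


# Constructed sample traffic (not captured from a real network).
SAMPLES = {
    "client DISCOVER/REQUEST to server port 67": Packet(True, "udp", 67),
    "client sending server replies to port 68": Packet(True, "udp", 68),
    "real DHCP server reply toward client": Packet(False, "udp", 68),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:45s} -> {evaluate(pkt)}")
    # With the two lines swapped, the broad permit matches first and the
    # client's server-side replies are no longer blocked.
    swapped = list(reversed(RULES))
    print("swapped order, client to port 68 ->",
          evaluate(SAMPLES["client sending server replies to port 68"], swapped))
```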