Wireless Access

Frequent Contributor II
Posts: 184
Registered: ‎04-17-2013

how to stop rogue DHCP in the network

Hi,

 

How can I stop rogue DHCP in the wired & wireless network?

 

Thanks in advance..

Aruba
Posts: 1,296
Registered: ‎08-29-2007

Re: how to stop rogue DHCP in the network

On the wireless you put a rule in like this.

 

user any udp 68 deny
any any svc-dhcp permit

 

 


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
MVP
Posts: 1,409
Registered: ‎05-28-2008

Re: how to stop rogue DHCP in the network

And for the wired part - make sure that the VLAN you would like to protect is passing through your controller.

And assign an ACL role to that VLAN, it will do the trick. (user > any > udp 68 deny>) ... Don't forget it will make your VLAN not trusted, so you will need to build a full ACL with allowed services.

*You may also create an ACL for a specific PORT*

 

Read more info here:

http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-configure-a-port-or-a-VLAN-to-be-trusted-or-untrusted/ta-p/187924

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: how to stop rogue DHCP in the network

Hi,

If you look at the "logon-control" inbuilt policy in the Aruba box, the first line is to stop DHCP server traffic from the client. "User any UDP 68 deny" means any traffic from a wireless client with dest port as UDP 68 should be denied. Hence any client working as a rogue DHCP will be blocked.

 

For your ref :

Logon-Control1.JPG

Hope you got some more clarity on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
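
The two rules quoted in this thread depend on first-match ordering, which the following added example models (it is not code from any poster or from Aruba). It is a simplified evaluator, not the controller's engine, and it assumes svc-dhcp covers UDP destination ports 67-68; the sample packets are constructed.

```python
from dataclasses import dataclass

# Assumption: svc-dhcp matches UDP destination ports 67 and 68.
SVC_DHCP = range(67, 69)

@dataclass(frozen=True)
class Rule:
    src: str          # "user" = a client on the untrusted side, "any" = anyone
    dst_ports: range  # UDP destination ports the rule matches
    action: str       # "permit" or "deny"

@dataclass(frozen=True)
class Packet:
    from_user: bool   # True if sent by a client behind the untrusted port/SSID
    sport: int
    dport: int
    note: str

# Rules in the order given in the thread.
THREAD_ACL = [
    Rule("user", range(68, 69), "deny"),   # user any udp 68 deny
    Rule("any", SVC_DHCP, "permit"),       # any any svc-dhcp permit
]

def evaluate(acl, pkt):
    """Return the action of the first matching rule; implicit deny otherwise."""
    for rule in acl:
        if rule.src == "user" and not pkt.from_user:
            continue  # rule only applies to traffic sourced by a client
        if pkt.dport in rule.dst_ports:
            return rule.action
    return "deny"

# Constructed sample traffic (hypothetical hosts, UDP only).
SAMPLES = [
    Packet(True, 68, 67, "client DISCOVER/REQUEST to a server"),
    Packet(True, 67, 68, "OFFER/ACK sent by a client (rogue server)"),
    Packet(False, 67, 68, "OFFER/ACK from the legitimate server"),
]

def verdicts(acl):
    return [evaluate(acl, p) for p in SAMPLES]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLES, verdicts(THREAD_ACL)):
        print(f"{verdict:6} {pkt.note}")
    # With the order reversed the broad permit matches first,
    # so the client-sourced server reply is no longer blocked.
    print(verdicts(list(reversed(THREAD_ACL))))
```

The last packet class also shows why the wired reply warns about untrusted VLANs: anything not explicitly permitted falls through to the implicit deny.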