Hello, in a students' boarding school with a shared wired network, I'm facing many rogue DHCP problems, because they want to extend the LAN with their own Wi-Fi routers (badly configured, of course).
For easy management they are in the same subnet.
The purpose of the network is Internet access only (DHCP + proxy + firewall + content filter).
The edge switches are 2510-48; they are all connected to a 2810-24G core switch.
First I tried port isolation on the 2510s with protected-ports. This is better, but it seems there are still DHCP problems. I think that rogue DHCP traffic goes through the uplinks.
My question is: if I replace the 2810 core with a newer DHCP snooping compatible switch, will it be enough?
Another idea would be to have 1 different VLAN per switch with different subnets, so no need to change the core switch, but some more routing difficulties.
Thanks for suggestions.