Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

dhcp snooping and DAI in wireless

  • 1.  dhcp snooping and DAI in wireless

    Posted May 30, 2014 01:35 PM

    I just set up a wireless network for a school using the Aruba 7xxx series. The deployment model is master/local. The clients get their IP from an external DHCP server.

     

    Now, the problem I have is that someone is pretending to be a DHCP server in the network; I think it is a DHCP attack. Is there any setting that needs to be enabled on the controller to prevent this from happening?

     

    Many thanks to everyone who gives me some advice.



  • 2.  RE: dhcp snooping and DAI in wireless
    Best Answer

    EMPLOYEE
    Posted May 30, 2014 01:58 PM

    If you are using the "logon-control" ACL in your user roles, there is an entry that blocks clients from serving DHCP addresses.

     

    logon-control-deny-udp68.png



  • 3.  RE: dhcp snooping and DAI in wireless

    Posted May 30, 2014 02:10 PM

    Much appreciated... very helpful idea... but is there a way to mitigate a man-in-the-middle attack? I mean that if someone pretends to have the gateway IP address, he will ruin the whole network... Is there any setting on the controller?



  • 4.  RE: dhcp snooping and DAI in wireless

    EMPLOYEE
    Posted May 30, 2014 02:13 PM

    There are two things you can do:

     

    1) Enable "Enforce DHCP" in your AAA profile. This will stop a user from entering the user table if they did not receive their address via DHCP.

     

    2) Add your gateway addresses to the validuser ACL.



  • 5.  RE: dhcp snooping and DAI in wireless

    Posted May 30, 2014 02:17 PM

    OK... I will try it later... thank you very much.



  • 6.  RE: dhcp snooping and DAI in wireless

    EMPLOYEE
    Posted May 30, 2014 02:18 PM

    valid-user-deny-gateway.png

     

     

    enforce-dhcp.png
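
The three settings named in replies 2 and 4, written out as an ArubaOS CLI sketch. This is an added example, not configuration posted by the thread's participants: the gateway address 10.10.10.1 and the AAA profile name "school-aaa" are constructed, and the syntax should be checked against the controller's ArubaOS version.

```text
! Added illustration; 10.10.10.1 and "school-aaa" are constructed values.
!
! 1) logon-control: the entry below drops UDP traffic that a wireless
!    user sends to port 68 (the DHCP client port), which is what a
!    client acting as a DHCP server would send. It only applies to
!    user roles that reference the logon-control ACL.
ip access-list session logon-control
  user any udp 68 deny
!
! 2) Enforce DHCP: a client is not added to the user table unless it
!    obtained its address through DHCP, so a statically configured
!    address (for example a copy of the gateway IP) is not accepted.
aaa profile "school-aaa"
  enforce-dhcp
!
! 3) validuser: deny the gateway address so that no client can enter
!    the user table with it. Entries are evaluated top-down, so the
!    deny has to sit above the final permit; other existing entries
!    in the ACL stay in place.
ip access-list session validuser
  host 10.10.10.1 any any deny
  any any any permit
```

After applying, `show rights <role-name>` and `show user-table` on the controller show whether the ACL is attached to the role and whether any client holds the gateway address.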