Xeronimo
asked on
How to avoid rogue DHCP servers?
Hi,
I had a DHCP problem in my network right now and the reason was that someone had plugged in his private Wifi router that started giving out IP address from its own range ...
How could I prevent (on a technical level) something like this happening again?
(Windows 2008 Domain)
Thank you!
I had a DHCP problem in my network right now and the reason was that someone had plugged in his private Wifi router that started giving out IP address from its own range ...
How could I prevent (on a technical level) something like this happening again?
(Windows 2008 Domain)
Thank you!
ASKER
Haha, yes!
As for authorization, my DHCP server (who's also a DC) has been authorized though ... and doesn't your link there only refer to DHCP servers that run on Windows servers? In my case it was a wifi router that started attributing IP addresses ... how would I prevent it from doing this?
As for authorization, my DHCP server (who's also a DC) has been authorized though ... and doesn't your link there only refer to DHCP servers that run on Windows servers? In my case it was a wifi router that started attributing IP addresses ... how would I prevent it from doing this?
Are you able to configure you network switches to block DHCP on all ports except that of the server?
ASKER
cwstad: I guess I should be able to do that, it's a HP ProCurve. But if not yet done something like that ... Is it similar to restricting traffic on firewalls?
I doubt if you can on that model. Our network guys have configured on CISCO equipment.
ASKER
Ok, I'll see what I can do!
If you use cisco switches, configure dhcp snooping on switchports to stop rogue dhcp servers.
If you can post the exact model of your switch, I can check if it supports DHCP snooping.
Tamas
Tamas
ASKER
Hi, it's a HP ProCurve 4240vl
Thanks!
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
here is the other way
http://technet.microsoft.com/en-us/library/cc754792.aspx