Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Another DHCP server (rogue, illegal) joined to network, the valid DHCP server stopped. How to avoid this?

Posted on 2015-01-13
7
283 Views
Last Modified: 2015-01-13
This is a Microsoft Small Business Server 2011 domain network.
A client connected their equipment (running Linux, DHCP server enabled) to our network. Because of this, "DHCP Server service" on SBS2011 stopped.

How can we avoid this in the future?

Thanks!!
0
Comment
Question by:techcity
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 300 total points
ID: 40547037
In general, it is difficult to use technology to prevent people from breaking policies. That is more of an HR issue. Take copying files, for example. If someone wants to do it, you can block USB drives, and they'll use their cellphone to take pictures.

But if you want to spend the money, a smart switch can block DHCP per-port. You can go further and block devices by MAC address or use 802.1X. Smart switches are definitely more expensive per port than unmanaged switches though, so be prepared for it.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 100 total points
ID: 40547049
Any ports that are not being used should always be in a disabled state on the switch to avoid them plugging in any devices.

Will.
0
 
LVL 10

Assisted Solution

by:Walter Padrón
Walter Padrón earned 100 total points
ID: 40547071
@Will Szymkowski i agree, but this doesn't avoid to unplug a device and plug another.

@techcity you can set an isolated network for your clients or put a router/smart switch between the client network and the internal network.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40547076
Your clients should never be plugging into the same production network. Typically I would setup some sort of Guest Wifi for clients to connect to and have all physical port connections disabled unless otherwise needed.

Easy to isolate and low cost.

Will.
0
 
LVL 1

Author Comment

by:techcity
ID: 40547102
Thanks to you all for the prompt comments!
The idea about smart switches sounds great. We have a main switch and a few sub-switches, all of them are unmanaged ones. Should I replace all of them with smart switches or just the main switch?
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40547161
My personal stance is that with modern threats, a managed switch is essential for any type of network management. From integrating with an IPS to forensics during and after an event to simple troubleshooting (broadcast storms, etc), a managed switch saves so much time so quickly that the ROI is rapid. I don't recommend unmanaged switches anywhere anymore.
0
 
LVL 1

Author Closing Comment

by:techcity
ID: 40548215
Got it. Thanks again!
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question