Solved

Another DHCP server (rogue, illegal) joined to network, the valid DHCP server stopped. How to avoid this?

Posted on 2015-01-13
7
276 Views
Last Modified: 2015-01-13
This is a Microsoft Small Business Server 2011 domain network.
A client connected their equipment (running Linux, DHCP server enabled) to our network. Because of this, "DHCP Server service" on SBS2011 stopped.

How can we avoid this in the future?

Thanks!!
0
Comment
Question by:techcity
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 300 total points
ID: 40547037
In general, it is difficult to use technology to prevent people from breaking policies. That is more of an HR issue. Take copying files, for example. If someone wants to do it, you can block USB drives, and they'll use their cellphone to take pictures.

But if you want to spend the money, a smart switch can block DHCP per-port. You can go further and block devices by MAC address or use 802.1X. Smart switches are definitely more expensive per port than unmanaged switches though, so be prepared for it.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 100 total points
ID: 40547049
Any ports that are not being used should always be in a disabled state on the switch to avoid them plugging in any devices.

Will.
0
 
LVL 10

Assisted Solution

by:Walter Padrón
Walter Padrón earned 100 total points
ID: 40547071
@Will Szymkowski i agree, but this doesn't avoid to unplug a device and plug another.

@techcity you can set an isolated network for your clients or put a router/smart switch between the client network and the internal network.
0
Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40547076
Your clients should never be plugging into the same production network. Typically I would setup some sort of Guest Wifi for clients to connect to and have all physical port connections disabled unless otherwise needed.

Easy to isolate and low cost.

Will.
0
 
LVL 1

Author Comment

by:techcity
ID: 40547102
Thanks to you all for the prompt comments!
The idea about smart switches sounds great. We have a main switch and a few sub-switches, all of them are unmanaged ones. Should I replace all of them with smart switches or just the main switch?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40547161
My personal stance is that with modern threats, a managed switch is essential for any type of network management. From integrating with an IPS to forensics during and after an event to simple troubleshooting (broadcast storms, etc), a managed switch saves so much time so quickly that the ROI is rapid. I don't recommend unmanaged switches anywhere anymore.
0
 
LVL 1

Author Closing Comment

by:techcity
ID: 40548215
Got it. Thanks again!
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now