Another DHCP server (rogue, illegal) joined to network, the valid DHCP server stopped. How to avoid this?

This is a Microsoft Small Business Server 2011 domain network.
A client connected their equipment (running Linux, DHCP server enabled) to our network. Because of this, "DHCP Server service" on SBS2011 stopped.

How can we avoid this in the future?

Thanks!!
LVL 1
Y YconsultantAsked:
Who is Participating?
 
Cliff GaliherCommented:
In general, it is difficult to use technology to prevent people from breaking policies. That is more of an HR issue. Take copying files, for example. If someone wants to do it, you can block USB drives, and they'll use their cellphone to take pictures.

But if you want to spend the money, a smart switch can block DHCP per-port. You can go further and block devices by MAC address or use 802.1X. Smart switches are definitely more expensive per port than unmanaged switches though, so be prepared for it.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Any ports that are not being used should always be in a disabled state on the switch to avoid them plugging in any devices.

Will.
0
 
Walter PadrónCommented:
@Will Szymkowski i agree, but this doesn't avoid to unplug a device and plug another.

@techcity you can set an isolated network for your clients or put a router/smart switch between the client network and the internal network.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Will SzymkowskiSenior Solution ArchitectCommented:
Your clients should never be plugging into the same production network. Typically I would setup some sort of Guest Wifi for clients to connect to and have all physical port connections disabled unless otherwise needed.

Easy to isolate and low cost.

Will.
0
 
Y YconsultantAuthor Commented:
Thanks to you all for the prompt comments!
The idea about smart switches sounds great. We have a main switch and a few sub-switches, all of them are unmanaged ones. Should I replace all of them with smart switches or just the main switch?
0
 
Cliff GaliherCommented:
My personal stance is that with modern threats, a managed switch is essential for any type of network management. From integrating with an IPS to forensics during and after an event to simple troubleshooting (broadcast storms, etc), a managed switch saves so much time so quickly that the ROI is rapid. I don't recommend unmanaged switches anywhere anymore.
0
 
Y YconsultantAuthor Commented:
Got it. Thanks again!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.