Re: BBSM 52 competing with another DHCP server

fpineda · ‎05-13-2004

I've had 2 occasions now where a PC plugged into the network has a DHCP server service running. This of course, will eventually bring the network down.

How can this be prevented?

Thanks

mvoight · ‎05-18-2004

Are you asking what happens if you put another DHCP server on the same network as the clients or the server? It would not be an issue if the other DHCP server was on a different segment than the clients since the requests are forwarded to the server via unicast. There really isn't much you can do if you have another server on the same network segments as the clients, since most clients would simply broadcast and then accept the first offer they receive.

steve.busby · ‎05-19-2004

"How can this be prevented?"

Don't bring up another DHCP server? Seriously, what kind of policies does your company have concerning servers and services brought online? What about training your users not to do these types of things?

fpineda · ‎05-19-2004

Your tone sounds a bit condescending......

This is a set up for a business resort hotel. And BBSM, of course, regulates their internet access and charges them. BBSM is used in various environments like hotels or cruise ships. BBSM in essence is to help the layman get a strange PC online. This is NOT a fixed work environment. So they get guests of all different technical backgrounds there, from none to professional. They quite possibly could have 1200 different PC's there in a month.

So am I supposed to have them sign a waiver that they aren't running a DHCP server on their laptops? Or perhaps have them check it into the IT dept of the resort first? Half of the executives are only using laptops that their IT staff set up for them.

This has happened and will happen because of the nature of Windows2000 DHCP services. Either by hotel guests unknowingly, or even hackers.

I simply asked if there is a way this can be prevented.... Because I don't have an answer and was hoping other that have had this issue might. If you don't have any useful information, then please don't post and keep your comments to yourself.

So seriously.... what kind of person tried to put down another netwoking professional?

mvoight · ‎05-19-2004

I am hoping the condescending issue was in response to the second reply and not to mine.

I am more familiar with CDDM and CNR, not BBSM, but there is nothing a DHCP server can do to stop another DHCP server from assigning addresses on a lan segment.

That is not part of the protocol.

Now, there is nothing that prevents a client dhcp application from determining which servers it will accept responsed from, but it doesn't sound like you will have any control over the dhcp client application they will be using, so that is a moot point.

steve.busby · ‎05-20-2004

My comments weren't meant to be condescending. I apologize if they came across that way.

As you've indicated, rogue DHCP servers are the nature of windows DHCP services. The only way to mitigate that risk is to limit those broadcasts to each individual VLAN and not allow DHCP requests to traverse your network. Of course you still have to deal with the rogue DHCP server handing out addresses to systems inside their own VLAN.

Depending on your equipment one option might be to use private VLANs. Here's an overview link:

http://www.cisco.com/en/US/tech/tk389/tk814/tk841/tech_protocol_home.html

and with more detail including ACLs:

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008013565f.shtml