Cisco WLC Wi-Fi network: How to prevent someone running a spurious (rogue) DHCP server?

Sam Brynes
Level 1

I have some LWAPPs running off of a Cisco WLC. How can I prevent someone from running a rogue DHCP server off the WLAN and causing an outage for Wi-Fi clients?

6 Replies

balaji.bandi
Hall of Fame

DHCP snooping config is the remediation for you.

BB


Hi Balaji,

Where would I configure that on the WLC?

 

Sam

Leo Laohoo
Hall of Fame
Turn on DHCP snooping in your network.

patoberli
VIP Alumni
Configure the DHCP server on the virtual-interface. I think if you do that, the WLC will automatically forward the DHCP packets to only that one IP address. The rogue DHCP should not even hear the DHCP Request that way. I haven't tested it though :)

DHCP snooping is the solution, and here is how you can implement it:

https://mrncciew.com/2012/12/27/understanding-dhcp-snooping/

 

HTH

Rasika


Is DHCP snooping in the case of Wireless really needed?

I mean, the WLC doesn't forward broadcasts by default and thus a rogue DHCP server on WLAN shouldn't cause any issues (unless the not recommended broadcast forwarding was enabled). Or did I miss something here?
