cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

296
Views
5
Helpful
6
Replies
Beginner

Cisco WLC Wi-Fi network: How to prevent someone running a spurious (rogue) DHCP server?

I have some LWAPPs running off of a Cisco WLC. How can I prevent someone from running a rogue DHCP server off the WLAN and causing an outage for Wi-Fi clients?

Everyone's tags (1)
6 REPLIES 6
VIP Advisor

Re: Cisco WLC Wi-Fi network: How to prevent someone running a spurious (rogue) DHCP server?

 dhcp snooping config is the remediation for you.

BB
*** Rate All Helpful Responses ***
Beginner

Re: Cisco WLC Wi-Fi network: How to prevent someone running a spurious (rogue) DHCP server?

Hi Balaji,

Where would I configure that on the WLC?

 

Sam

Hall of Fame Community Legend

Re: Cisco WLC Wi-Fi network: How to prevent someone running a spurious (rogue) DHCP server?

Turn on DHCP snooping in your network.
VIP Advocate

Re: Cisco WLC Wi-Fi network: How to prevent someone running a spurious (rogue) DHCP server?

Configure the DHCP server on the virtual-interface. I think if you do that, the WLC will automatically forward the DHCP packets to only that one IP address. The rogue DHCP should not even hear the DHCP Request that way. I haven't tested it though :)
VIP Mentor

Re: Cisco WLC Wi-Fi network: How to prevent someone running a spurious (rogue) DHCP server?

DHCP Snooping is the solution & here how you can implement it

https://mrncciew.com/2012/12/27/understanding-dhcp-snooping/

 

HTH

Rasika

*** Pls rate all useful responses ***

Highlighted
VIP Advocate

Re: Cisco WLC Wi-Fi network: How to prevent someone running a spurious (rogue) DHCP server?

Is DHCP snooping in the case of Wireless really needed?

I mean, the WLC doesn't forward broadcasts by default and thus a rogue DHCP server on WLAN shouldn't cause any issues (unless the not recommended broadcast forwarding was enabled). Or did I miss something here?

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards