Hi,

mdaugomah11 · ‎09-29-2016

Greetings all,

I am fairly new to the Cisco Community and was wondering if anyone out there may be able to help me with a switch question. I work at a College campus, our issue is that the students WIFI routers DHCP signal is broadcasting back into our switches and onto the network. Sometimes it goes across campus, even into other buildings..

My question is, is there a command that will lock our switches down were the students cannot broadcast back to our swiches?

acampbell · ‎09-29-2016

Hi,

You need to look at the config guides for you switches and look at invoking DHCP-SNOOPING

Regards

Alex

Regards, Alex. Please rate useful posts.

mdaugomah11 · ‎09-30-2016

Thank you Alex for the advice, I will forward your comments to our Network Admin, he is kind of in the same situation I am in as far as switch experience.

devils_advocate · ‎09-30-2016

Is it policy to allow students to plug their own routers onto the network?

If you don't want them using their own routers/switches at all then look at Port Security.

If you simply want the home routers DHCP server not to dish out IP addresses then use DHCP Snooping as Alex says.

Your DHCP server and Trunk ports will be trusted interfaces and everything else (user ports) will be untrusted. DHCP snooping will prevent the users routers from dishing out IP addresses to your hosts.

I would stop them using their own routers full stop to be honest.

Can't be a very manageable environment if you have loads of SSID's, all overlapping etc.

mdaugomah11 · ‎09-30-2016

Thank you for the advice, I will forward your comments to our Network Admin, he is kind of in the same situation I am in as far as switch experience.

To answer your question though. Yes, it is policy here as our Wifi in the dorms cannot reach some of the students on the far ends of the buildings.

DNS and IP issues with campus switches