09-29-2016 10:25 AM - edited 03-08-2019 07:37 AM
Greetings all,
I am fairly new to the Cisco Community and was wondering if anyone out there may be able to help me with a switch question. I work at a College campus, our issue is that the students WIFI routers DHCP signal is broadcasting back into our switches and onto the network. Sometimes it goes across campus, even into other buildings..
My question is, is there a command that will lock our switches down were the students cannot broadcast back to our swiches?
09-29-2016 01:05 PM
Hi,
You need to look at the config guides for you switches and look at invoking DHCP-SNOOPING
Regards
Alex
09-30-2016 07:13 AM
Thank you Alex for the advice, I will forward your comments to our Network Admin, he is kind of in the same situation I am in as far as switch experience.
09-30-2016 03:21 AM
Is it policy to allow students to plug their own routers onto the network?
If you don't want them using their own routers/switches at all then look at Port Security.
If you simply want the home routers DHCP server not to dish out IP addresses then use DHCP Snooping as Alex says.
Your DHCP server and Trunk ports will be trusted interfaces and everything else (user ports) will be untrusted. DHCP snooping will prevent the users routers from dishing out IP addresses to your hosts.
I would stop them using their own routers full stop to be honest.
Can't be a very manageable environment if you have loads of SSID's, all overlapping etc.
09-30-2016 07:12 AM
Thank you for the advice, I will forward your comments to our Network Admin, he is kind of in the same situation I am in as far as switch experience.
To answer your question though. Yes, it is policy here as our Wifi in the dorms cannot reach some of the students on the far ends of the buildings.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide