DHCP Server guard and DHCP Source guard - Wireless CCNP
I am studying for the CCNP Wireless exam and I am trying to figure out some things that seem very similar, and I want to verify my understanding of the topics. I've done quite a bit of reading already and I suspect that some terms are being used interchangeably, so here I am asking you guys to clarify. I am aware that the security features mentioned are available on the wired side; however, note that this is for a Wireless certification, so I am really interested in WLC/AP configuration and features.
I see two issues when it comes to DHCP address assignment.
#1 Where DHCP offers come from (port) - sort of L2 protection
#2 What IP DHCP offers come from (source IP) - sort of L3 protection
I relate these things to DHCP snooping and IP source guard on the wired side and am searching for Wireless options.
I wonder if it is even possible to set up, or logical to talk about, L2 protection on the wireless side. Is ensuring that DHCP offers are coming from a valid DHCP server IP address good enough? Let me know some thoughts on these before we move to the actual features.
There are these two topics related to DHCP security features (I noticed one is general IPv4 I suppose and the other is IPv6. However, I assume we can generalise things for the sake of understanding and be more specific when discussing configuration options):
DHCP Server Guard
DHCPv6 Source Guard - In the Cisco documentation: "... feature prevents wireless clients from handing out IPv6 addresses to other wireless clients or wired clients upstream." Which setting on the WLC is related to this? No configuration found.
It seems to me that DHCP Server Guard and DHCP Source guard are the same things used interchangeably. I am still not sure what setting on the WLC controls these.
I wonder if the DHCP Address Assignment Required solves both of the problems mentioned. And if DHCP Source Guard and DHCP Server Guard exist for both IPv4 and IPv6 on WLC.
Re: DHCP Server guard and DHCP Source guard - Wireless CCNP
Never seen those settings on the WLC, but it's possible that the WLC by default filters out DHCP server packets from the clients. To make it a bit more complicated, the WLC can also act as a DHCP proxy, where the Offers have the WLC as the source MAC.
If you configure a virtual interface on the WLC, one of the fields you can fill out is the DHCP server. If that is filled out and DHCP Addr Assignment Required is not enabled, then the WLC will forward all DHCP packets to that server. As there is no Broadcast on Wireless (which DHCP would require), a wireless client can't play DHCP server (normally).
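The two checks distinguished in the question (where a server message enters, and which server address it carries) can be written as a small DHCPv4 filter. This is an added example, not part of the thread and not Cisco's WLC implementation; the ingress labels `uplink` and `wlan-client`, the addresses and the function names are constructed assumptions.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
SERVER_MSG_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # only servers send these

def parse_dhcp_options(payload):
    """Return {option_code: value_bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[payload[i]] = value
        i += 2 + length
    return opts

def check_dhcp(payload, src_ip, ingress, trusted_ingress, allowed_servers):
    """Return the list of violations for one message (empty list = permit)."""
    opts = parse_dhcp_options(payload)
    mt = opts.get(53)  # option 53 = DHCP message type
    msg_type = mt[0] if mt else 0
    if msg_type not in SERVER_MSG_TYPES:
        return []  # client-originated message, nothing to enforce here
    name, problems = SERVER_MSG_TYPES[msg_type], []
    if ingress not in trusted_ingress:  # issue #1: where the message came from
        problems.append(f"{name} on untrusted ingress {ingress}")
    sid = opts.get(54)  # option 54 = server identifier
    server_id = str(ipaddress.IPv4Address(sid)) if sid and len(sid) == 4 else None
    if src_ip not in allowed_servers or server_id not in allowed_servers:  # issue #2
        problems.append(f"{name} from unlisted server src={src_ip} id={server_id}")
    return problems

def build_dhcp(msg_type, server_id=None):
    """Constructed sample: zeroed BOOTP header plus options 53 and 54."""
    op = 2 if msg_type in SERVER_MSG_TYPES else 1  # 2 = BOOTREPLY, 1 = BOOTREQUEST
    opts = bytes([53, 1, msg_type])
    if server_id:
        opts += bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed
    return struct.pack("!BBBB", op, 1, 6, 0) + bytes(232) + MAGIC_COOKIE + opts + b"\xff"
```

The checks are independent: a server message that carries an allowed address but arrives on a client-facing ingress still fails the first check, and one that arrives on the trusted side from an unlisted address fails the second.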