
WLan controller : ignore DHCP server ?

jrau
Level 1

Hi guys,

We're trying to take some actions to improve security in our company. We'd like to establish a whitelist of MAC addresses. To do so, we want to use the "Filters" function of our DHCP server; by adding only the MAC addresses we trust to the "Allow" filter and then activating this filter, we should be able to achieve this goal.

Now, we often have visitors coming on site who need to have a Guest Internet Access. It's already defined in our WLan controller and it's working well but we noticed that it's contacting our DHCP to establish the connection so if we activate the DHCP filter, our visitors won't be able to connect to our Guest Access anymore.

I'd like to know if we can change the setting of our WLan so it "ignores" the DHCP but still gets an IP address and internet access. Do you think it's achievable?

Thanks,

Regards

Accepted Solutions

Arshad Safrulla
VIP Alumni

DHCP filters will not increase security; rather, they will bring a lot of management problems. Also, you need to keep in mind that MAC randomization is enabled on most devices now.

For your Guest network, you need to check on your DHCP server if you have an option to exclude it. If not, create a new DHCP scope for the Guest network; this can be done in your WLC if supported, but it is not recommended. Or you may have to look into your infra where you can have a DHCP server for this network.
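
The MAC randomization point in the answer above, as an added example that is not part of the original thread: a Python audit of a constructed lease list against a constructed allow-list, flagging addresses whose locally administered bit is set, which randomized Wi-Fi addresses carry. All host names, MAC addresses and status labels are assumptions made for illustration.

```python
import re

# Constructed sample: MACs as they might appear in a DHCP lease export,
# in hyphen, colon and Cisco dotted notation.
SAMPLE_LEASES = [
    ("laptop-finance", "00-1A-2B-3C-4D-5E"),
    ("phone-visitor", "da:a1:19:7c:02:9b"),
    ("tablet-staff", "f2a4.5c11.0e73"),
    ("printer-hall", "3C:52:82:10:AA:01"),
    ("bad-entry", "not-a-mac"),
]
# Constructed allow-list, as it would be entered in the DHCP "Allow" filter.
ALLOW = {"00:1a:2b:3c:4d:5e", "3c:52:82:10:aa:01", "f2:a4:5c:11:0e:73"}


def normalize(mac):
    """Return aa:bb:cc:dd:ee:ff, or None if the input is not a 48-bit MAC."""
    digits = re.sub(r"[.:\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set.

    Randomized Wi-Fi addresses set this bit; such an address is not tied
    to the hardware and can differ per network or change over time.
    """
    return bool(int(mac[:2], 16) & 0x02)


def audit(leases, allow):
    """Classify each lease by allow-list status and address stability."""
    report = []
    for host, raw in leases:
        mac = normalize(raw)
        if mac is None:
            status = "invalid"
        elif is_locally_administered(mac):
            # An allow-list entry for a randomized MAC stops matching on rotation.
            status = "allowed-but-unstable" if mac in allow else "blocked-randomized"
        else:
            status = "allowed" if mac in allow else "blocked"
        report.append((host, mac or raw, status))
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_LEASES, ALLOW):
        print(*row, sep="\t")
```
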
