Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
761
Views
10
Helpful
1
Replies

WLan controller : ignore DHCP server ?

Go to solution
jrau
Level 1
Level 1

‎11-03-2021 09:14 AM

Hi guys,

 

We're trying to do some actions to improve the security in our company. We'd like to establish a whitelist of MAC addresses, to do so, we want to use the "Filters" function of our DHCP server ; by adding only the MAC addresses we trust in the "Allow" filter and then activate this filter, we should be able to achieve this goal.

Now, we often have visitors coming on site who need to have a Guest Internet Access. It's already defined in our WLan controller and it's working well but we noticed that it's contacting our DHCP to establish the connection so if we activate the DHCP filter, our visitors won't be able to connect to our Guest Access anymore.

I'd like to know if we can change the setting of our WLan so it "ignores" the DHCP but still gets an IP address and internet access. Do you think it's achievable ?

 

Thanks,

 

Regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Arshad Safrulla
VIP Alumni
VIP Alumni

‎11-03-2021 01:05 PM

DHCP filters will not increase security, rather they will bring lot of management problems. Also you need to keep in mind that MAC randomization is enabled on most of the devices now.

For your Guest network you need to check on your DHCP server if you have an option to exclude it. If not create a new DHCP scope for the Guest network, this can be done in your WLC if supported but not recommended. Or you may have to look in to your infra where you can have a DHCP server for this network.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

View solution in original post

1 Reply 1

Go to solution
Arshad Safrulla
VIP Alumni
VIP Alumni

‎11-03-2021 01:05 PM

DHCP filters will not increase security, rather they will bring lot of management problems. Also you need to keep in mind that MAC randomization is enabled on most of the devices now.

For your Guest network you need to check on your DHCP server if you have an option to exclude it. If not create a new DHCP scope for the Guest network, this can be done in your WLC if supported but not recommended. Or you may have to look in to your infra where you can have a DHCP server for this network.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card