Answer the question
In order to leave comments, you need to log in
Blocking other people's dhcp on the network. ACL or DHCP Server Screening?
Hello. I have a simple question that I can't find an answer to.
The situation is, you need to block other people's dhcp on the network.
Dlink hardware with ACL support.
Question. Is there a difference in the effectiveness of these two "tools" in protecting against other people's dhtsp in the network?
The first option is:
create access_profile ip udp src_port_mask 0xFFFF profile_id 1
config access_profile profile_id 1 add access_id 1 ip udp src_port 67 port 24 permit
config access_profile profile_id 1 add access_id 2 ip udp src_port 67 port 1 deny
And the second option:
config filter dhcp_server ports 1 state enable
config filter dhcp_server add permit ports 1:24
Answer the question
In order to leave comments, you need to log in
These tools are essentially identical, only the first takes place in the general table of rules, and the second does not, well, as an additional bonus, snmp trap is there for this.
You need access switches that include users to be able to dhcp snooping
Both options work the same.
Namely: the second option, after activation, makes the same ACLs (you can then see in the ACL list that the function has added rules). Simply + everything else and there is logging that the left DHCP server has been filtered.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question