Blocking other people's dhcp on the network. ACL or DHCP Server Screening?

S

Stensed2015-11-25 00:38:29

Computer networks

Stensed, 2015-11-25 00:38:29

Hello. I have a simple question that I can't find an answer to.
The situation is, you need to block other people's dhcp on the network.
Dlink hardware with ACL support.
Question. Is there a difference in the effectiveness of these two "tools" in protecting against other people's dhtsp in the network?
The first option is:
create access_profile ip udp src_port_mask 0xFFFF profile_id 1
config access_profile profile_id 1 add access_id 1 ip udp src_port 67 port 24 permit
config access_profile profile_id 1 add access_id 2 ip udp src_port 67 port 1 deny
And the second option:
config filter dhcp_server ports 1 state enable
config filter dhcp_server add permit ports 1:24

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

M

mikes, 2015-11-25
@mikes

These tools are essentially identical, only the first takes place in the general table of rules, and the second does not, well, as an additional bonus, snmp trap is there for this.

D

Dmitry, 2015-11-25
@Tabletko

You need access switches that include users to be able to dhcp snooping

D

Dmitry Maksimenko, 2015-12-04
@mcdemon

Both options work the same.
Namely: the second option, after activation, makes the same ACLs (you can then see in the ACL list that the function has added rules). Simply + everything else and there is logging that the left DHCP server has been filtered.