Thursday, June 13, 2019

DHCP snooping with wireless roaming - enable or not?

Hi

Protecting against both rogue IPv6 and IPv4 DHCP servers with DHCP snooping usually looks like a good thing to do. However, while thinking about how it works and experimenting with it, I came to realize that, in theory and also in practice, it does impact roaming for wireless clients on APs that are connected to a switch with DHCP snooping enabled on the given VLANs (considering the APs are not using any tunneling protocol like CAPWAP, but rather work the way UniFi APs do).

The DHCP binding is registered on the switch against the port the wireless client first connected through, and the client thus gets denied after roaming to another AP on the same switch.

I've come across a Cisco forum thread discussing a possible workaround with 'authentication mac-move permit'; however, my switches are not from Cisco, and I've tried to think outside the box about how others might have approached this.

TL;DR: Is there a way to protect against rogue DHCP servers in wireless environments, or is DHCP snooping (by default) asking for trouble in such situations?
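As an added example (not part of the original post), a small Python model of a DHCP snooping binding table showing both effects described above: server-side DHCP messages arriving on untrusted access ports are dropped, while a roamed client's renewal is checked against the binding learned on its first port. The `mac_move_permit` flag models a rebind-on-port-change relaxation as an assumption, not any vendor's exact semantics; port names and addresses are constructed.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # only legitimate on trusted (uplink) ports

@dataclass
class SnoopingSwitch:
    trusted: set                                  # uplink ports towards the real DHCP server
    mac_move_permit: bool = False                 # modelled relaxation: follow client to new port
    bindings: dict = field(default_factory=dict)  # (mac, vlan) -> (ip, port)
    pending: dict = field(default_factory=dict)   # (mac, vlan) -> port of last client request
    log: list = field(default_factory=list)

    def client_msg(self, port: str, vlan: int, mac: str, msg: str) -> bool:
        """Client-side DHCP message from an access (untrusted) port. True = forwarded."""
        key = (mac, vlan)
        bound = self.bindings.get(key)
        if bound and bound[1] != port:
            # binding lives on the port the client used first (its old AP)
            if not self.mac_move_permit:
                self.log.append(f"drop {msg} {mac}: bound to {bound[1]}, seen on {port}")
                return False
            self.bindings[key] = (bound[0], port)  # assumed relaxation: rebind on move
            self.log.append(f"rebind {mac} {bound[1]}->{port}")
        self.pending[key] = port
        return True

    def server_msg(self, port: str, vlan: int, client_mac: str, msg: str, ip: str = "") -> bool:
        """Server-side DHCP message. Dropped unless it arrives on a trusted port."""
        if port not in self.trusted:
            self.log.append(f"drop {msg} on untrusted {port}: rogue DHCP server")
            return False
        if msg == "ACK":  # lease confirmed: bind IP to the client's requesting port
            key = (client_mac, vlan)
            self.bindings[key] = (ip, self.pending.get(key, "?"))
        return True

def roaming_scenario(mac_move_permit: bool) -> list:
    """Client leases via the AP on ge1, then roams to the AP on ge2 and renews.
    Returns [rogue offer forwarded?, renewal forwarded?, port in binding]."""
    sw = SnoopingSwitch(trusted={"uplink"}, mac_move_permit=mac_move_permit)
    mac = "aa:bb:cc:00:00:01"  # constructed client MAC
    sw.client_msg("ge1", 10, mac, "DISCOVER")
    sw.server_msg("uplink", 10, mac, "OFFER", "10.0.10.50")
    sw.client_msg("ge1", 10, mac, "REQUEST")
    sw.server_msg("uplink", 10, mac, "ACK", "10.0.10.50")
    rogue = sw.server_msg("ge3", 10, mac, "OFFER", "192.168.1.1")  # rogue server on access port
    renew = sw.client_msg("ge2", 10, mac, "REQUEST")                # renewal after roaming
    return [rogue, renew, sw.bindings[(mac, 10)][1]]
```

With the strict table the rogue OFFER is dropped but so is the roamed client's renewal; with the modelled rebind-on-move relaxation the rogue OFFER is still dropped while the renewal passes and the binding follows the client to ge2.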


