helpfor option ping-check
Julie Xu
J.Xu at uws.edu.au
Mon Jul 1 01:40:19 UTC 2013
So looks like the client ID same on two PC is the problem someone manually setup like this? Please confirm.
-----Original Message-----
From: dhcp-users-bounces+j.xu=uws.edu.au at lists.isc.org [mailto:dhcp-users-bounces+j.xu=uws.edu.au at lists.isc.org] On Behalf Of A.L.M.Buxey at lboro.ac.uk
Sent: Monday, 1 July 2013 12:33 AM
To: Users of ISC DHCP
Subject: Re: helpfor option ping-check
Hi,
> There is no quick fix for this really, you need to identify each issue
> and then diagnose and remedy.
>
> There is possibly a fix but it needs to be implemented on the network
> side of things. If all of your clients are meant to be using DHCP then
> most modern managed switches have a feature called "DHCP Snooping"
> which will only allow the client to connect to the network if it sees
> DHCP address allocation take place. This way it will prevent anyone
> from manually configuring an IP address on their machine.
usually DHCP snooping ensures that an untrusted link cannot be the source of DHCP address allocations. the feature that stops clients doing things unless they got an address via DHCP is usually IP source guard (which relies on their address being present int he table smaintined by the DHCP snooping) - along with Dynamic ARP inspection (DAI) which also uses the DHCP snooping tables to check if the client address matches what its ARPing - no more poisoning clients with fake gateway details.
alan
_______________________________________________
dhcp-users mailing list
dhcp-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users
More information about the dhcp-users
mailing list