help for option ping-check

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Sun Jun 30 14:32:42 UTC 2013


Hi,

> There is no quick fix for this really, you need to identify each issue
> and then diagnose and remedy.
> 
> There is possibly a fix but it needs to be implemented on the network
> side of things. If all of your clients are meant to be using DHCP then
> most modern managed switches have a feature called "DHCP Snooping"
> which will only allow the client to connect to the network if it sees
> DHCP address allocation take place. This way it will prevent anyone
> from manually configuring an IP address on their machine.

usually DHCP snooping ensures that an untrusted link cannot be the source of
DHCP address allocations. the feature that stops clients doing things unless
they got an address via DHCP is usually IP source guard (which relies on
their address being present in the tables maintained by the DHCP snooping) -
along with Dynamic ARP inspection (DAI) which also uses the DHCP snooping tables
to check if the client address matches what it's ARPing - no more poisoning
clients with fake gateway details.

alan
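
Added illustration of the reply above, not part of the original post: a toy Python model of how DHCP snooping, IP source guard and DAI share one binding table. The `Switch` class, port names, MACs and addresses are constructed for the example, and it assumes a single VLAN with no lease expiry, which real switches also track.

```python
# Toy model of a switch's DHCP snooping binding table and the two features
# that consume it. Port names, MACs and IPs below are constructed samples.

class Switch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)   # uplinks toward the real DHCP server
        self.bindings = {}                  # access port -> (client MAC, leased IP)

    def dhcp_server_msg(self, in_port, client_port, client_mac, msg_type, ip):
        """DHCP snooping: server-originated messages (OFFER/ACK) are only
        accepted from trusted ports; an ACK records a binding."""
        if in_port not in self.trusted:
            return "drop: DHCP server message on untrusted port"
        if msg_type == "ACK":
            self.bindings[client_port] = (client_mac, ip)
        return "forward"

    def ip_packet(self, port, src_mac, src_ip):
        """IP source guard: source must match the binding for that port."""
        if port in self.trusted or self.bindings.get(port) == (src_mac, src_ip):
            return "forward"
        return "drop: no matching snooping binding"

    def arp_packet(self, port, sender_mac, sender_ip):
        """Dynamic ARP inspection: ARP sender fields must match the binding."""
        if port in self.trusted or self.bindings.get(port) == (sender_mac, sender_ip):
            return "forward"
        return "drop: ARP sender does not match binding"


def demo():
    sw = Switch(trusted_ports={"uplink"})
    return [
        # Legitimate lease relayed from the uplink to the client on port p1.
        sw.dhcp_server_msg("uplink", "p1", "aa:aa", "ACK", "10.0.0.50"),
        # DHCP server message arriving on access port p2 (untrusted).
        sw.dhcp_server_msg("p2", "p3", "cc:cc", "ACK", "10.0.0.99"),
        # Client on p1 sends traffic from its leased address.
        sw.ip_packet("p1", "aa:aa", "10.0.0.50"),
        # Host on p3 with a manually configured address and no lease.
        sw.ip_packet("p3", "cc:cc", "10.0.0.60"),
        # Host on p1 sends an ARP claiming the gateway address 10.0.0.1.
        sw.arp_packet("p1", "aa:aa", "10.0.0.1"),
    ]

if __name__ == "__main__":
    for line in demo():
        print(line)
```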


More information about the dhcp-users mailing list