backwards router issue

(OP)
Hi,

We run the network on a student residence. We are using 8600 for routing and Baystack 470 at the access layer. Each student room has a network jack that goes back to a port on the 470 stacks in the IT closets. We run DHCP on these networks.
Here is where we are having a problem. Students move in and hook up their home router to the network jack in the room. For the most part this is not a problem, except that there are always students that end up hooking up the LAN port of their home router to the network jack, causing their router to start advertising itself on our network, and other students' computers start getting their DHCP leases from the culprit home router instead of our DHCP server. Needless to say, no one is doing any surfing, as the WAN port of the culprit router is connected to the problem student's PC.
Using Wireshark, we can sniff the traffic, find the problem user and shut down his port, and the other students start getting their addresses from our server again.
Is there something we can do to prevent this from happening? Ideas are very welcome.

Thank you.

RE: backwards router issue

Yes, this is what DHCP snooping is for.

I think you only need to put it on the Access switches. Hopefully the Baystack 470s support this.

Here is what it looks like on 4500/5500 config:

! *** DHCP SNOOPING ***
!
ip dhcp-snooping
no ip dhcp-snooping vlan
ip dhcp-snooping vlan 22
ip dhcp-snooping vlan 32
interface FastEthernet ALL
default ip dhcp-snooping
ip dhcp-snooping port 1/48,2/48 trusted
exit

Pretty self-explanatory - you enable DHCP snooping on all the ports, then identify your uplinks as "Trusted".

I recently had an issue on some switches with the DHCP-forwarding modifying the DHCP request and this was causing Snooping to drop them. So if it doesn't work, look and see in the logs what it is doing.
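
Added example, not part of either post and not switch firmware code: a Python model of the per-port decision DHCP snooping makes, using the trusted ports and VLANs from the config above. The giaddr rule is an assumption modeled on how some snooping implementations treat relayed requests; port 1/7, VLAN 99 and the sample packets are constructed.

```python
TRUSTED_PORTS = {"1/48", "2/48"}   # uplinks marked trusted in the config above
SNOOPED_VLANS = {22, 32}           # VLANs with snooping enabled in the config above
MAGIC = b"\x63\x82\x53\x63"        # DHCP magic cookie that follows the BOOTP header
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only servers send

def parse_dhcp(payload):
    """Return (op, giaddr, message_type) from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    op = payload[0]                                    # 1 = request, 2 = reply
    giaddr = ".".join(str(b) for b in payload[24:28])  # relay agent address
    i, msg_type = 240, None
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        if payload[i] == 53 and length == 1 and i + 2 < len(payload):
            msg_type = payload[i + 2]
        i += 2 + length
    return op, giaddr, msg_type

def snoop(port, vlan, payload):
    """Decide what a snooping switch does with a DHCP packet received on a port."""
    if vlan not in SNOOPED_VLANS or port in TRUSTED_PORTS:
        return "forward"
    try:
        op, giaddr, msg_type = parse_dhcp(payload)
    except ValueError:
        return "drop: malformed"
    if op == 2 or msg_type in SERVER_TYPES:
        return "drop: server reply on untrusted port"   # the backwards home router
    if giaddr != "0.0.0.0":
        # Assumption: request already touched by a relay is rejected on access ports.
        return "drop: relayed request on untrusted port"
    return "forward"

def build(op, msg_type, giaddr=b"\x00\x00\x00\x00"):
    """Build a minimal constructed DHCP payload for testing the policy."""
    fixed = bytearray(236)
    fixed[0] = op
    fixed[24:28] = giaddr
    return bytes(fixed) + MAGIC + bytes([53, 1, msg_type, 255])

if __name__ == "__main__":
    print(snoop("1/7", 22, build(2, 2)))    # OFFER from a student port
    print(snoop("1/48", 22, build(2, 2)))   # OFFER from the uplink
```

The "relayed request" branch corresponds to the kind of drop the reply describes seeing in the logs when DHCP forwarding altered the request.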
