How to block Rogue DHCP Servers on the connected clients

george_margarit
New Contributor

Looking to block DHCP Offers from connected clients.

From: Any (client)

To: Any

Source port: 67

Destination Port: 68

Protocol : UDP

Action: Block

Everything else: Permit

Can I have some guidance on how to set this up, so I don't also block DHCP Offers from our DHCP Server?

Thanks

1 ACCEPTED SOLUTION

AnonymousM
Valued Contributor II

Your source and destination ports look good, this is traffic from a DHCP server back to the client. So creating a rule like this is straightforward - the trick is to apply it on traffic FROM any client, and not the other way.

  • Classic: From-Access
  • NG: Outbound Traffic

On NG it should look like this:

[screenshot of the rule in the NG policy editor]

I still highly recommend testing this first.

Hope this helps.

nlowe
New Contributor III

Hi all,

Have you tried running a rogue DHCP server?

In the feature branch of HiveOS, you should see the following enabled by default:

forwarding-engine dhcp-shield enable
forwarding-engine arp-shield enable

These have to be switched off by supplemental CLI if they are not wanted.

Cheers,
Nick
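As an added example (not from this thread, and not Aerohive's code), the accepted rule and Nick's dhcp-shield point expressed as host-side inspection logic: it parses a BOOTP/DHCP payload for option 53 and blocks server-to-client DHCP (UDP 67 -> 68) unless it comes from an authorised server. The 10.0.0.1 server address and the sample packets are constructed assumptions; the firewall itself achieves the same exception by applying the rule only to client-side (From-Access / Outbound) traffic.

```python
import struct

# Constructed values for this example; the real server address is an assumption.
AUTHORIZED_SERVERS = {"10.0.0.1"}
DHCP_MAGIC = b"\x63\x82\x53\x63"          # BOOTP "magic cookie" before the options
MSG_NAMES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def dhcp_message_type(payload):
    """Walk the options after the 240-byte BOOTP header and return option 53
    (DHCP message type), or None for a malformed or non-DHCP payload."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        return None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 0:                                # pad: no length byte
            i += 1
            continue
        if code == 255 or i + 1 >= len(payload):     # end option / truncated
            break
        length = payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            return payload[i + 2]
        i += 2 + length
    return None

def verdict(src_ip, sport, dport, payload, authorized=AUTHORIZED_SERVERS):
    """The thread's rule as host logic: UDP 67 -> 68 is server-to-client DHCP,
    which nothing on the client side should ever send. The authorised-server
    set models the firewall's From-Access scoping. Returns 'permit' or
    'block:<message type>' so the reason can be logged."""
    if sport != 67 or dport != 68:
        return "permit"                              # e.g. client DISCOVER on 68 -> 67
    if src_ip in authorized:
        return "permit"
    return "block:" + MSG_NAMES.get(dhcp_message_type(payload), "unknown")

def build_dhcp(op, msg_type, xid=0x3903F326):
    """Build a minimal BOOTP/DHCP packet carrying option 53 (constructed test input)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s", op, 1, 6, 0, xid, 0, 0,
                        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4)
    fixed += b"\0" * 16 + b"\0" * 64 + b"\0" * 128   # chaddr, sname, file
    return fixed + DHCP_MAGIC + bytes([53, 1, msg_type, 255])

if __name__ == "__main__":
    samples = [("192.168.1.50", 67, 68, build_dhcp(2, 2)),   # rogue OFFER from a client
               ("10.0.0.1", 67, 68, build_dhcp(2, 2)),       # OFFER from the real server
               ("192.168.1.50", 68, 67, build_dhcp(1, 1))]   # normal client DISCOVER
    for src, sp, dp, pkt in samples:
        print(f"{src} {sp}->{dp}: {verdict(src, sp, dp, pkt)}")
```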

george_margarit
New Contributor

Cool, thanks.

AnonymousM
Valued Contributor II

Ah, that ICMPv6 / Multicast, which is a bit tricky with Aerohive... I suggest opening a new thread explicitly for this topic. Hopefully someone else will jump on it 😉

george_margarit
New Contributor

Thanks Carsten.

It's only been a week using Aerohive and navigating through the GUI is still tricky.

I have created that exact policy from your screenshot, but was finding it tricky to work out where to 'apply' this, and the User Profiles (IP Firewall -> From-access) is the answer here.
As a follow up, do we have an option to similarly block IPv6 Router-Advertisements?

It's not on the list of network services (under that name at least).