DHCP code in 2.0.4+
Alexander Clouter
alex at digriz.org.uk
Mon Jun 8 00:26:30 CEST 2009
Arran Cudbard-Bell <a.cudbard-bell at sussex.ac.uk> wrote:
>
>> The better way to do this is get your network infrastructure to enforce
>> this. Even really old Cisco switches support DHCP snooping, I
>> understand HP and other venduh's have their own similar thing.
>>
> Yes. We have it enabled on most of our smarter L2/3 switches on campus.
> Once it's combined with dynamic ARP protection or IP lockdown (like it
> can be on the ProCurve switches), then it makes life quite difficult for
> those statically assigning IPs.
>
> It's hideously broken on the 2600s though, doesn't process lease
> renewals properly. So ATM it's only good for preventing rogue DHCP
> servers, and little bits of compliance.
>
Wait till you look at the DHCP snooping on a Cisco WLC 4400. It is so
picky about enforcing DHCP, that if the client already has a lease, it
cannot ask for a new one[1] until the already assigned one has expired.
Cisco's solution for the past year or so: have your leases cracked down
to five minutes or less :-/

Cheers

[1] say in the *ahem* uncommon *ahem* case that a client moves between
APs or disconnects, reconnects...or hell even reboots their
computer

--
Alexander Clouter
.sigmonster says: Knowledge is power.
-- Francis Bacon