DHCP code in 2.0.4+

Alexander Clouter alex at digriz.org.uk
Mon Jun 8 00:26:30 CEST 2009

Arran Cudbard-Bell <a.cudbard-bell at sussex.ac.uk> wrote:
>> The better way to do this is get your network infrastructure to enforce 
>> this.  Even really old Cisco switches support DHCP snooping, I 
>> understand HP and other venduh's have their own similar thing.
> Yes. We have it enabled most of our smarter L2/3 switches on campus.
> Once it's combined with dynamic ARP protection or IP lockdown (like it
> can be on the ProCurve switches), then it makes life quite difficult for
> those statically assigning IPs.
> It's hideously broken on the 2600s though, doesn't process lease
> renewals properly. So ATM it's only good for preventing rogue DHCP
> servers, and little bits of compliance.
Wait till you look at the DHCP snooping on a Cisco WLC 4400.  It is so 
picky about enforcing DHCP, that if the client already has a lease, it 
cannot ask for a new one[1] until the already assigned one has expired.

Cisco's solution for the past year or so, have your leases cracked down 
to five minutes or less :-/


[1] say in the *ahem* uncommon *ahem* case that a client moves between 
	AP's or disconnects, reconnects...or hell even reboots their 

Alexander Clouter
.sigmonster says: Knowledge is power.
                  		-- Francis Bacon

More information about the Freeradius-Users mailing list