Hi,
I have an MX64 serving a small, remote office with three VLANs:
VLAN 1, MX IP = 192.168.1.1, DHCP enabled
VLAN 10, MX IP = 10.10.10.1, DHCP enabled
VLAN 23, MX IP = 192.168.23.1, DHCP enabled
MX Port 1 set up as trunk port, Native = 1, allowed = 10
MX Port 2 set up as access port, VLAN 23
Plugged into each MX port is a UniFi switch with DHCP guarding enabled.
MX Port 1: switch guard allows DHCP requests only for 192.168.1.1 & 10.10.10.1
MX Port 2: switch guard allows DHCP requests only for 192.168.23.1
I got an alert on the UniFi switch plugged into MX port 1 that a rogue DHCP server was detected at 192.168.23.1 on VLAN 1. This DHCP server is of course the MX interface IP for that VLAN.
How can this happen? I have my MX firewall configured to deny all traffic to/from all these VLANs, so how can the switch on port 1 even detect a DHCP server on another VLAN if everything is blocked?
What am I missing? Thanks in advance.