- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
New DHCP Server Detected
Received an alert that a new DHCP server was detected.
It is a device that connected to the network via Wi-Fi... There are 3 SSIDs - the device is connected via one SSID that is on a specific VLAN, but the "new DHCP server" was given a different VLAN ID which is a duplicate to an existing VLAN.
There is a policy setting in the DHCP Server Configurations that allows or denies DHCP servers...
Would setting this to "Deny" affect the DHCP servers configured on the Firewall or does this only apply to end-devices that connect to the LAN?
Or should I just block that particular DHCP Server??
Solved! Go to solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey @GFrazier ,
I 100% endorse @BlakeRichardson 's suggestion. It's always good practice to grab a packet capture to ascertain whether what you are seeing reflects the actual packets traversing a segment of the network.
I'd also add the for best practices it would be good to set the allowed DHCP servers, instead of trusting them all, to ensure you are protected against rogue servers. KB with best practices is here. Some more info around DHCP on the MS is here.
If you do this, make sure you are specifying all the DHCP servers you have in the network in the Allow list, to avoid the situation where clients may end up not getting an address from the right servers.
Hope this helps!
Giac
Appreciate who helps and be respectful of every opinion and every solution offered.
Share the love, especially the Meraki one!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@GFrazier : Check this thread
https://community.meraki.com/t5/Switching/New-DHCP-Server-detected/m-p/4850#M340
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks... thing with this is there actually is a device that is connected via Wi-Fi that is detected as a DHCP server.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@GFrazier I would run a packet capture on the MR and see if that device is sending DHCP packets or not.
From my understanding the policy you are referring to shouldn't block the MX running as a DHCP server its for blocking 3rd party DHCP traffic.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey @GFrazier ,
I 100% endorse @BlakeRichardson 's suggestion. It's always good practice to grab a packet capture to ascertain whether what you are seeing reflects the actual packets traversing a segment of the network.
I'd also add the for best practices it would be good to set the allowed DHCP servers, instead of trusting them all, to ensure you are protected against rogue servers. KB with best practices is here. Some more info around DHCP on the MS is here.
If you do this, make sure you are specifying all the DHCP servers you have in the network in the Allow list, to avoid the situation where clients may end up not getting an address from the right servers.
Hope this helps!
Giac
Appreciate who helps and be respectful of every opinion and every solution offered.
Share the love, especially the Meraki one!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the info
@BlakeRichardson and @GiacomoS
Thanks you for clarifying the DHCP Blocking and sending the documents - I will run the packet capture and make the changes.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@GFrazier : Good Luck buddy !
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com