Virtual router

samgbuyi
Getting noticed

Virtual router

recently i came across an app "connectifiy" working as DHCP on my network

although have been able to block the MAC that the app is transmitting DHCP from but how can one stop or block virtual routers entirely??????????????????????

3 Replies 3
AjitKumar
Head in the Cloud

Hi @samgbuyi 

You may consider enabling DHCP Snooping on switches and stop unauthorized DHCP Servers in your network.

 

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
BrechtSchamp
Kind of a big deal

Indeed, what @AjitKumar said. It's documented here:

https://documentation.meraki.com/MS/Monitoring_and_Reporting/MS_DHCP_Servers#Blocking_DHCP_Servers

 

You need a Meraki switch to do it though.

 

The functionality to block them is not present in the MX. The MX can only report when it sees another DHCP server in a subnet for which it is DHCP server itself. See Network-Wide > Alerts.

jdsilva
Kind of a big deal

The question you're asking, I think, can be more generally stated to be "How can you control what devices connect to your network (virtual or real)?", and the current solution is 802.1x. The downside is that implementing .1x isn't a light lift, but if you truly want to stop devices from connecting then this would be how. 

 

As an alternative, perhaps MAC Whitelisting or Sticky MAC fits your environment. These features define a list of MACs that are allowed on a given port, and rejects traffic from other MACs. It's hard to manage in large environments, but for smaller deployments it can be a quick and easy way to implement a basic level of port security.

 

If, as @AjitKumar suggest, you just want to stop rogue DHCP servers then DHCP snooping is a much easier feature to implement.  

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels