This weekend I ran into a problem where one customer's network impacted the rest of the customers on the network. My customers get online by getting an IP address from DHCP. The problem was that one of our customers unwittingly plugged their Canopy into a Linksys on the wrong port and started serving out IPs to our customers. I can filter and redirect to my heart's desire on my switches and routers, but I am having a hard time keeping one customer's network away from another's. How can I keep one customer from accidentally overriding my DHCP server, etc.?
We are currently implementing PPPoE authentication into our system to fix the same problem. If anyone knows of a better way, please enlighten me.
In the Advanced Network Configuration section of the SM under ver. 7.2.9 of the software, you can filter out DHCP server advertisements by checking the “BootP Server” filter. This should stop a user router from sending DHCP server packets to the Canopy network.
OK… I’ve set a test SM to filter out SMB, BootP Server and SNMP. Customers are assigned internal IP addresses, but they can use PPPoE to get access to an external IP address if needed. Does this sound like a good idea, or are there any better ones?
In regards to filtering out DHCP server advertisements by checking the “BootP Server” filter: does the SM have to be in NAT mode for this to work?
No, it does not have to be in NAT mode.
We filter the following without having them in NAT mode:
PPPoE (we have no use for that)
IPv4 Multicast (no need for this either; keeps things clean)
The BootP Server will fix your router-plugged-in-backwards problem.
I use NAT on the SMs. Can’t afford all the IP address use otherwise.
I also add “All Others” to the filter list. This will block stuff like IPX, AppleTalk, etc.
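
For reference, an added example that is not part of the original thread and is not Canopy firmware code: a small parser that recognises the traffic a “BootP Server” style filter targets (replies from UDP source port 67 with BOOTP op 2) and flags replies from servers that are not on an authorized list, as you might run over captured frames to find the offending router. The exact match rule the SM uses is an assumption, the function names are hypothetical, and the sample frames are constructed.

```python
import struct
from socket import inet_aton, inet_ntoa

DHCP_MAGIC = b"\x63\x82\x53\x63"

def parse_server_reply(frame):
    """Return details if frame is a BOOTP/DHCP server reply, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                          # not untagged IPv4 carrying UDP
    udp = frame[14 + (frame[14] & 0x0F) * 4:]
    if len(udp) < 248 or udp[:2] != b"\x00\x43" or udp[8] != 2:
        return None                          # need source port 67 and op 2 (BOOTREPLY)
    bootp = udp[8:]
    info = {"src_mac": frame[6:12].hex(":"), "src_ip": inet_ntoa(frame[26:30]),
            "offered_ip": inet_ntoa(bootp[16:20]), "msg_type": None, "server_id": None}
    opts = bootp[240:] if bootp[236:240] == DHCP_MAGIC else b""
    i = 0
    while i + 1 < len(opts) and opts[i] != 255:   # 255 = end of options
        if opts[i] == 0:                          # pad byte has no length field
            i += 1
            continue
        code, val = opts[i], opts[i + 2:i + 2 + opts[i + 1]]
        if code == 53 and len(val) == 1:          # DHCP message type (2 = OFFER)
            info["msg_type"] = val[0]
        elif code == 54 and len(val) == 4:        # server identifier
            info["server_id"] = inet_ntoa(val)
        i += 2 + opts[i + 1]
    return info

def rogue_replies(frames, authorized):
    """Server replies whose identifier (or source IP) is not authorized."""
    replies = filter(None, map(parse_server_reply, frames))
    return [r for r in replies if (r["server_id"] or r["src_ip"]) not in authorized]

def build_frame(mac, src_ip, sport, dport, op, yiaddr, options=b""):
    """Constructed test frame: Ethernet/IPv4/UDP/BOOTP, checksums left zero."""
    bootp = (bytes([op, 1, 6, 0]) + bytes(12) + inet_aton(yiaddr)
             + bytes(216) + DHCP_MAGIC + options + b"\xff")
    udp = struct.pack("!HHHH", sport, dport, 8 + len(bootp), 0) + bootp
    ip = (struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0)
          + inet_aton(src_ip) + b"\xff" * 4)
    return b"\xff" * 6 + bytes.fromhex(mac.replace(":", "")) + b"\x08\x00" + ip + udp

SAMPLE = [  # constructed: offer from a customer router, offer from the ISP server
    build_frame("00:11:22:33:44:55", "192.168.1.1", 67, 68, 2, "192.168.1.100",
                b"\x35\x01\x02\x36\x04\xc0\xa8\x01\x01"),
    build_frame("02:00:00:00:00:01", "10.0.0.1", 67, 68, 2, "10.0.5.20",
                b"\x35\x01\x02\x36\x04\x0a\x00\x00\x01"),
]
```

Calling `rogue_replies(SAMPLE, {"10.0.0.1"})` returns only the reply from 192.168.1.1, with the source MAC needed to trace it to a subscriber; client requests (source port 68, op 1) are not matched, which is why this kind of filter does not stop customers from obtaining leases.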