No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.

Knowledge Base

FAQ-How Do I Defend Against Bogus DHCP Servers at the User Side

Publication Date:  2015-06-16  |   Views:  698  |   Downloads:  0  |   Document ID:  EKB1000079088


Issue Description

How Do I Defend Against Bogus DHCP Servers at the User Side?


If a bogus DHCP server is deployed on a customer network, STAs may obtain invalid IP addresses from the bogus DHCP server but not from the AC or authorized DHCP server.

To defend against bogus DHCP servers, disable the DHCP trusted port on an AP in service set view. A DHCP server sends three types of DHCP packets: Offer, ACK, and NACK. When the AP receives any of these DHCP messages from a user-side interface, it considers the sender as a bogus DHCP server. The AP then discards the messages and reports the event to the AC over the CAPWAP tunnel.