Preventing other DHCP devices to distribute false IP addresses in a network

Question

First of all, I'm no network administrator and have not much experience with networking, so if anything is unclear, please say so.

In a dormitory, every room has 1 LAN port. Some people prefer to use a wireless router instead of a LAN cable, but the DHCP server features in these routers are messing up the dormitory's network, distributing IP that people should not get. I'm not sure which type of Switch is in used in my dormitory. I don't have access to that critical area YET, but these switches should be able to take control and not letting other wireless routers to distribute false IP, right? Switches should be able to do that, right?

So I want to ask in advance to get some general basic idea. (I am negotiating with the dormitory owner) What are some of the things should I look for and do in this case?

Answer 1

Two key features of the network should be:

• a central switch provides DHCP to each individual room port
• it shouldn't pass DHCP from one port to the next...if this is happening, it sounds like your network isn't switched
• the wireless routers should just request an IP on their uplink/master port and serve DHCP on the wireless side, as well as on any other network ports they have

It would be very odd if it was configured differently.

From your question, it sounds much more likely that the issue is that people are connecting to the wrong wireless router (not through the wired network) and as a network admin there will be very little you can do about that other than advise people on how to secure their communications with their wireless router.

Answer 2

Which model of ethernet switch are you using? Some models do have the ability to block certain types of traffic, while others have the ability to separate each port properly so that things like DHCP servers (such as those included in many home wireless routers) won't have any effect.

Of course, these features usually come at a price, so you may need to upgrade existing equipment if it doesn't already support this type of functionality.

Answer 3

Your question is quite vague.

Are you concerned that a wireless router connected to the network is acting as a DHCP server? As said above a wireless router is connected (and will not function otherwise) to the WAN port of the router, which acts as a DHCP client to the network.

Answer 4

In the router configuration, you would normally disable the DCHP server in each of the routers to ensure you only have one which is normally your master server (Ie, if you are running a small windows network, it is normally your Domain Controller that acts as the DCHP Server)

It probably would be possible to configure each router and server (ie whatever is acting as a dhcp server) to give you correct addresses, providing that each is set to a different band, but that is not normally required or beneficial.

Answer 5

First of all check if there is a "Port Guard" options in your switch/router. There you can specify which port is trusted to work with DHCP. A Layer 2+ switch can do this.

Secondly if you don't have this you should block all incoming DHCP offers that aren't from your server IP. And make validation MAC-IP; iptables can do that.

Finally, you can use VLANs for that if your DHCP server supports that.