DHCP Authentication
Simon Hobson
dhcp1 at thehobsons.co.uk
Tue Jul 1 11:27:21 UTC 2008
Anders Rosendal wrote:
>If the network owner starts to implement features like dhcp-snooping
>with "ip source guard" and "ip arp inspection" in the switches to
>achive much greater security in the network your solution with dhcp
>on non default ports will probebly fail totally. This since
>dhcp-snooping in the switches probebly won't recognice your modified
>dhcp communication.
Which brings up another point I'd missed. If you run DHCP on
non-standard ports then you'll also need to run DHCP relay agents on
non standard ports as well. This will effectively require an
additional box on each subnet in this case to run the relay agent
since the OP doesn't have administrative access to the routers.
More information about the dhcp-users
mailing list