DHCP Authentication

Simon Hobson dhcp1 at thehobsons.co.uk
Tue Jul 1 11:27:21 UTC 2008


Anders Rosendal wrote:

>If the network owner starts to implement features like dhcp-snooping 
>with "ip source guard" and "ip arp inspection" in the switches to 
>achive much greater security in the network your solution with dhcp 
>on non default ports will probebly fail totally. This since 
>dhcp-snooping in the switches probebly won't recognice your modified 
>dhcp communication.


Which brings up another point I'd missed. If you run DHCP on 
non-standard ports then you'll also need to run DHCP relay agents on 
non standard ports as well. This will effectively require an 
additional box on each subnet in this case to run the relay agent 
since the OP doesn't have administrative access to the routers.


More information about the dhcp-users mailing list