DHCP Authentication

Chuck Anderson cra at WPI.EDU
Tue Jul 1 13:42:56 UTC 2008


On Tue, Jul 01, 2008 at 12:27:21PM +0100, Simon Hobson wrote:
> Anders Rosendal wrote:
>
>> If the network owner starts to implement features like dhcp-snooping with 
>> "ip source guard" and "ip arp inspection" in the switches to achieve much 
>> greater security in the network your solution with dhcp on non-default 
>> ports will probably fail totally. This since dhcp-snooping in the switches 
>> probably won't recognize your modified dhcp communication.
>
>
> Which brings up another point I'd missed. If you run DHCP on non-standard 
> ports then you'll also need to run DHCP relay agents on non-standard ports 
> as well. This will effectively require an additional box on each subnet in 
> this case to run the relay agent since the OP doesn't have administrative 
> access to the routers.

I'm assuming you are going to be using your own IP addressing for the 
embedded devices, separate from the network's main IP addressing plan?

If there are routers in the network, you have much bigger problems 
than requiring your own relay agents on the modified UDP port.  Your 
custom DHCP server will not know about the subnetting of the 
underlying network, and so it won't know to serve multiple subnets 
with their associated netmasks and default gateways.

