DHCP Authentication

Simon Hobson dhcp1 at thehobsons.co.uk
Mon Jun 30 14:53:56 UTC 2008


Marco Amadori wrote:

>Even if it seemed so, I wasn't talking about a wireless network but a wired network
>where we cannot touch switches. Imagine a medium sized network (2000 nodes)
>where a lot of clients need some kind of dhcp services only from our
>server; other nodes exist which are not in our control (which could be
>either DHCP clients or servers) but which we should not interfere with.

In that case you do not have control of your network<period>

>So our clients need to accept only dhcp answers from the "right" server and
>our DHCP server needs to serve only the "good" clients.

Since you won't have control over many of your clients (eg embedded 
clients in devices you don't have the source to) this isn't something 
you can do at the client. The best you can do in your case is to run 
a program to listen for DHCP traffic from rogue servers and alert 
you. The fact that you don't have control of the switches doesn't 
stop this - DHCP traffic (at least in the initial stages) is 
broadcast and so will reach all parts of the network.
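
The check at the core of the listener suggested above, as an added example that is not part of the original message: it parses a DHCP reply payload (as received on UDP port 68 or read from a capture) and returns an alert when the reply does not come from a known server. The `AUTHORIZED` address, the function names and the sample packets built by `build_reply` are assumptions constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"       # precedes the DHCP options field
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}   # option 53 values only servers send
AUTHORIZED = {"192.0.2.10"}              # assumption: address of the legitimate server

def parse_options(data):
    """Walk the code/length/value option field; stop on End (255) or truncation."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:
        if data[i] == 0:                 # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            break                        # truncated option: keep what parsed cleanly
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts

def check_reply(payload, src_ip, authorized=AUTHORIZED):
    """Return an alert string for a server reply from an unlisted server, else None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None                      # not a BOOTREPLY carrying DHCP options
    opts = parse_options(payload[240:])
    mtype = opts.get(53, b"")
    if len(mtype) != 1 or mtype[0] not in SERVER_TYPES:
        return None
    sid = opts.get(54, b"")              # Server Identifier; fall back to source IP
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else src_ip
    # Both must be listed, so a reply that copies the real Server Identifier
    # but arrives from another address is still flagged (list relay agents too).
    if server in authorized and src_ip in authorized:
        return None
    yiaddr = ipaddress.IPv4Address(payload[16:20])
    mac = payload[28:34].hex(":")
    return f"rogue DHCP{SERVER_TYPES[mtype[0]]} from {server} (src {src_ip}): {yiaddr} -> {mac}"

def build_reply(msg_type, server_ip, yiaddr, mac):
    """Constructed sample input: a minimal 236-byte BOOTP header plus options."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0x8000,
                      bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4),
                      bytes(4), mac, bytes(64), bytes(128))
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_ip).packed
    return hdr + MAGIC_COOKIE + opts + b"\xff"
```
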

