HPE Community
HPE Aruba Networking & ProVision-based
1834150 Members
2503 Online
110064 Solutions
New Discussion

Combining edge port isolation and core DHCP snooping

 
yopla
Occasional Contributor

‎02-27-2015 05:32 AM

‎02-27-2015 05:32 AM

Combining edge port isolation and core DHCP snooping

HEllo, In a Students boarding School with shared wired network, i'm facing many DHCP rogue problems. Because they want to extend LAN with their own wifi router (badly configured of course).

For easy mangement they are in the same subnet.

 

The porpose of network is for Internet access only (DHCP+proxy+firewall+content filter)
edge switches are 2510-48, they are all connected to a core switch 2810-24G.

first I tried port isolation on 2510 with protected-ports. This is better but seems there still are DHCP problems. I think that rogue Dhcp traffic go thru uplinks.

My question is, if I replace 2810 core with newer DHCP snooping compatible switch, will it be enough ?

 

Another idea would be to have 1 different VLAN per switch with different subnets, so no need to change core switch, but some more routing difficulties.

 

Thank for suggestions.

0 Kudos
1 REPLY 1
yopla
Occasional Contributor

‎03-03-2015 10:57 AM

‎03-03-2015 10:57 AM

Re: Combining edge port isolation and core DHCP snooping

Hello,

Back with maybe a simplier solution :

 

I've added filter source-port to prevent traffic beteween uplinks on the core 2810 switch.

This is a feature available on 2810 switch.

 

Maybe I'll do VLAN solution later for better management.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.