Meraki whitelist mac address12/24/2022 Port configuration settings allow you to disable a port and make several other useful changesĭetecting and disabling a rogue DHCP server is as simple as that. This immediately disconnects the device from your LAN. Port-level view of Godzilla, giving more details about the device.Ĭlick “Edit configuration” and disable the port servicing Godzilla. Click into the connected switch and drill down to the individual port. Simply search for Godzilla’s MAC address in the Monitor > Clients page to determine which switch and port it is connected to. If Godzilla were not an authorized DHCP server, we could easily contain it. This view provides the details of a DHCP server reply, including the IP address being offered to the connecting client and additional parameters such as lease time, subnet mask, default gateway, and DNS server information. View individual replies to client DHCP requests and learn what IP parameters may be corrupted. To get a more detailed view of any particular reply, you can click view packet: You can see Godzilla’s MAC address, as well as the VLANs and subnets it is servicing DHCP requests for. The image above shows that a device named Godzilla is replying to DHCP requests made by several clients on Meraki’s network. View a list of all network devices replying to DHCP requests for the last month. You can easily see if a non-authorized device is replying to DHCP requests from connecting clients. Meraki’s switches operate at the same TCP/IP layer as the DHCP protocol and record which devices are sending DHCP server traffic. This makes detecting rogue DHCP servers paramount, especially given the ease with which they can be deployed. Worse, if a setting such as the default gateway is maliciously defined, network security is immediately jeopardized but you may not immediately notice. If these parameters become corrupted, the smooth flow of network traffic can abruptly halt. After all, DHCP provides clients connecting to your network with IP addresses and configuration parameters such as subnet mask, default gateway, and DNS server information. But, while DHCP may often be treated like the proverbial ugly stepchild, neglecting DHCP security comes with significant risk. What could cause such catastrophic behavior? Rogue DHCP servers on your network.ĭHCP is one of those Layer 2 protocols you never notice until it crashes or misbehaves. Even worse: your network seems to be smoothly humming along, but you’ve been compromised unknowingly. It’s never fun when your network suddenly stops working, especially when the problem turns out to be more subtle than those configuration changes you just saved.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |