https://live.paloaltonetworks.com/t5/general-topics/alert-at-unauthorized-dhcp-server-activity/m-p/37916#M27757 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>It happens from time to time that students succeeds to connect a private router to our dorms network and it starts to propose leases that lead nowhere to our clients.</P><P></P><P>I wonder if my PA500 box can be configured to alert us if it discovers such DHCP lease proposals from other sources than our authorized DHCP servers?</P><P></P><P>Thanks for comments on this.</P><P></P><P>regards Tor</P></BODY></HTML> Fri, 08 Nov 2013 11:16:59 GMT LCMember4427 2013-11-08T11:16:59Z https://live.paloaltonetworks.com/t5/general-topics/alert-at-unauthorized-dhcp-server-activity/m-p/37916#M27757 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>It happens from time to time that students succeeds to connect a private router to our dorms network and it starts to propose leases that lead nowhere to our clients.</P><P></P><P>I wonder if my PA500 box can be configured to alert us if it discovers such DHCP lease proposals from other sources than our authorized DHCP servers?</P><P></P><P>Thanks for comments on this.</P><P></P><P>regards Tor</P></BODY></HTML> Fri, 08 Nov 2013 11:16:59 GMT https://live.paloaltonetworks.com/t5/general-topics/alert-at-unauthorized-dhcp-server-activity/m-p/37916#M27757 LCMember4427 2013-11-08T11:16:59Z https://live.paloaltonetworks.com/t5/general-topics/alert-at-unauthorized-dhcp-server-activity/m-p/37917#M27758 <HTML><HEAD></HEAD><BODY><P>IMHO - PA cant do that, but much better idea is to use You switch to dosn't let tem do it.</P><P>If You have managed switch please find <A href="http://en.wikipedia.org/wiki/DHCP_snooping">DHCP Snooping</A> funtion. This will protect your DHCP server and you network from such problem.</P><P></P><P></P><P>Regards</P><P>SLawek</P></BODY></HTML> Fri, 08 Nov 2013 13:33:58 GMT https://live.paloaltonetworks.com/t5/general-topics/alert-at-unauthorized-dhcp-server-activity/m-p/37917#M27758 _slv_ 2013-11-08T13:33:58Z https://live.paloaltonetworks.com/t5/general-topics/alert-at-unauthorized-dhcp-server-activity/m-p/37918#M27759 <HTML><HEAD></HEAD><BODY><P>DHCP Snooping and DCHP Relay is the way to go.</P><P></P><P>And while you are at it check up for the possibility to use private (or at least protected) vlans aswell.</P><P></P><P>Configuring the DHCP features of the switch should also end up with configuring DAI, IP Source Guard and Option82 for traceability.</P><P></P><P>Many switch vendors also have extra logging available to log when a rogue dhcp server is detected in the network (that is when you have already configured dchp snooping and dhcp relay which points out which the valid dhcp servers are).</P></BODY></HTML> Sun, 01 Dec 2013 16:57:00 GMT https://live.paloaltonetworks.com/t5/general-topics/alert-at-unauthorized-dhcp-server-activity/m-p/37918#M27759 mikand 2013-12-01T16:57:00Z