UniFi DHCP Guarding - How-to block rogue DHCP servers on your network

Рет қаралды 8,690

Күн бұрын

Пікірлер: 25

@JeanPierreWhite 11 ай бұрын

Great video. At our church Unifi periodically informs me of a duplicate IP address on our network. I have had no luck tracking down the rogue DHCP server. I'll be turning this on and presumably the rogue device will stop working and we will discover what it is and where it is lol.

@MatSmithLondon 10 ай бұрын

Or perhaps more likely when you turn this on, it will be more difficult to discover what this is, not less! Either way it's a useful tool to help keep devices on the network in the meantime...

@jakobholzner 11 ай бұрын

Would have loved to see some tries from another DHCP server trying to be it’s server

@smmaslanik 11 ай бұрын

Would like to hear your explanation of how DNS Shield works too.

@Moonraker11 11 ай бұрын

It's basically creating a secure HTTPS tunnel to either Google or Cloudflare to securely send DNS requests. DNS was one of the last core protocols that remained unencrypted...

@michaeldrankin 11 ай бұрын

This is great. Would love one on the EDGE series too!

@mtnsolutions 11 ай бұрын

Yeah buddy! Juniper switches come with dhcp guard enabled by default and all access ports are non trusted unless you specifically set them to trust the dhcp server. Can cause headaches if you don’t know but dhcp guard is great to keep in place

@Sjokoz 11 ай бұрын

Perfect timing. I am having issues with DHCP Guarding not working. I can see you have DHCP Snooping enabled (which I don't), is that a requirement?

@Phen10 24 күн бұрын

hi, does the Edgemax switches have this capability? I am not seeing it in the admin guide.

@Wahinies 11 ай бұрын

Yessss this is one of my favorite features because a couple of offices were crippled after somebody brought in Pitney Bowes postage meters that included nano routers by Tplink and these nano routers FORCED DHCP server to on in order to be DHCP CLIENTS like Wtf. Since then i have been adament about using DHCP guarding, snooping, inspection etc. but Unifis solution is bar none the easiest.

@jacksoncremean1664 11 ай бұрын

does this protect against arp spoofing, what about dynamic arp inspection?

@Avatar8o 14 күн бұрын

Do you have anything onnighthawk

@Moonraker11 11 ай бұрын

When you said switch did you mean router (i.e. UDM)?

@WillieHowe 11 ай бұрын

This is a switch function -- not a router function.

@davesilver5493 11 ай бұрын

DHCP Guarding is turned on on my default network but I have two VLANs that multicast two internal originated video feeds to two monitors. Do those VLAN networks need to have guarding on and if so is the IP address of the DHCP server the same as on the defailt network?

@d_must4309 11 ай бұрын

VLANs are separate networks, with their own DHCP server. DHCP Guarding on your default network is for that range only, it shouldn't be able to communicate with the VLANs

@peralm6190 11 ай бұрын

Can't get it to work. I connected an Asus router to the LAN port of my UDR. Then I accessed the WiFi on the Asus router and I connected and got an IP address. I have chosen DHCP Guarding for that network and also specified the UDR gateway address for that network as my DHCP server

@not2tired 7 ай бұрын

If I understand properly, anything connected directly to your Asus router will still get DHCP packets from the Asus router. However, the DHCP guarding will prevent DHCP packets from the Asus router from passing through your Unifi switches... so if you plug something into your Unifi switch, and the Asus router tries to give it an IP address, the DHCP guarding will drop that DHCP packets from your Unifi router will be what the new device will receive.

@PabloTBrave 8 ай бұрын

Whenever i turn on dhcp guarding i get multiple devices using the same IP

@maestr0play316 2 ай бұрын

That's good defence but you dont expect hackers can change thier IP

@JeremyLeik 11 ай бұрын

Will this still allow PXE booting?

@JasonsLabVideos 11 ай бұрын

Should, PXE doesn't have to do with DHCP hand out.

@JeremyLeik 11 ай бұрын

@@JasonsLabVideos I didn't think it would, but we all know sometimes vendors don't always follow specs well, so I thought it was a question worth asking.

@Wahinies 11 ай бұрын

It will because PXE boot is a DHCP option in the approved DHCP server identified here by IP.