How can i filter out a router on the our wireless network that is giving out 192.168 address, and thus preventing customers getting a proper address?
We have a small wireless network so we can put the filter on the client radio. If there is a more central way of doing this I would be interested to know how.
I’m hoping to be able to filer just out going responses but I’m not sure of the proper ports etc.
Erik
If they’re all connected to a wireless network, just turn off default-forwarding
This stops users from being able to see each other.
Sometimes also known as “client separation”
default-forwarding (yes | no; default: yes) - to use data forwarding by default or not. If set to ‘no’, the registered clients will not be able to communicate with each other
You can also use the forward firewall rules to block DHCP requests headed TO a wireless client and replies coming FROM wireless clients.
I understand that default forwrding would prevent the dhcp issue on the ap but does it or can it prevent the problem accross several aps that are on the same subnet?
My thought was to use the fire wall but was unsure of what ports dhcp used for request and replys.
Thanks
Erik
DHCP discover message - The initial broadcast sent by the client to obtain a DHCP lease. It contains the client MAC address and computer name. This is a broadcast using 255.255.255.255 as the destination address and 0.0.0.0 as the source address. The request is sent, then the client waits one second for an offer. The request is repeated at 9, 13, and 16 second intervals with additional 0 to 1000 milliseconds of randomness. The attempt is repeated every 5 minutes thereafter.
The client uses its own port 68 as the source port with port 67 as the destination port on the server to send the request to the server. The server uses its own port 67 as the source port with port 68 as the destination port on the client to reply to the client. Therefore the server is listening and sending on its own port 67 and the client is listening and sending on its own port 68. This can be confusing when you consider which way the message is going. To be clear on this, I quote RFC 1531 which states “DHCP messages from a client to a server are sent to the ‘DHCP server’ port (67), and DHCP messages from a server to a client are sent to the ‘DHCP client’ port (68)”