I have a network with a Hotspot set up. Most of it works fine, but at times I have clients that play around with their ADSL routers from previous providers, and they use only the LAN side to connect to my network and their PC. Usually, by default, most of these have a DHCP server enabled. Of course my network also has a DHCP server enabled, and on top of that the Hotspot system also wants to assign IP addresses.
This second DHCP server (unknown to me) obstructs my network, and legitimate clients that re-associate get different network IPs assigned and can't log into the hotspot any more. It also at times creates network storms, which bring the whole network down.
It takes hours to track down where the illegal DHCP server is. Is there no way to block illegal DHCP servers in general?
Authoritative is on by default, with a 2 sec delay. I still have that problem.
Actually, when I read up in the reference manual, it explains that the DHCP server will now wait for 2 secs for the client to come back with an IP request again. If it has been assigned an IP from another DHCP server, it will not come back. So then the client doesn't get an IP from my server?
But actually the explanation in the ref. manual doesn't make sense to me.
Don’t fight the caused problems.
Avoid the root of the cause.
i.e.:
Don't do weird firewalling.
Instead apply proper user isolation.
VLANs, EoIP/VPLS Tunnels and Horizon Bridging/Private VLAN Edge(PVE) are your friends.
A proper Port/User Isolation only allows the clients to communicate with your Hotspot.
A communication between the clients is NOT possible. Thus meaning a fraud DHCP-Server won’t affect the other users.
This way you will also be able to suppress MAC spoofing, which a user can abuse to steal another user's Hotspot session.
There is absolutely no need to do weird firewalling at the users site.
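
For the hours spent tracing the unknown DHCP server described in the question, here is an added example (not part of the original thread) that parses a captured DHCP reply and reports the server identifier (option 54), the offered address and the source MAC of any server not on an allow list. How the UDP payload is captured (mirror port, sniffer) is assumed and not shown; `10.5.50.1` and the sample packets are constructed placeholders.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
REPLY_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}   # message types only a server sends
AUTHORIZED = {"10.5.50.1"}                       # assumed address of the legitimate server

def parse_options(raw):
    """Walk the DHCP option TLVs and return {code: value}."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != 255:        # 255 = End
        if raw[i] == 0:                          # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated DHCP option")
        opts[raw[i]] = raw[i + 2:i + 2 + raw[i + 1]]
        i += 2 + raw[i + 1]
    return opts

def check_reply(payload, src_mac, authorized=AUTHORIZED):
    """Return a finding for a server reply from an unlisted server, else None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None                              # not a BOOTREPLY carrying DHCP
    opts = parse_options(payload[240:])
    mtype = opts.get(53, b"")                    # option 53 = DHCP message type
    kind = REPLY_TYPES.get(mtype[0]) if mtype else None
    if kind is None:
        return None
    sid = opts.get(54, b"")                      # option 54 = server identifier
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unknown"
    if server in authorized:
        return None
    return {"server": server, "mac": src_mac, "type": kind,
            "offered": str(ipaddress.IPv4Address(payload[16:20]))}  # yiaddr

def sample_reply(server_ip, offered_ip, msg_type=2):
    """Constructed sample: minimal BOOTREPLY with options 53 and 54."""
    hdr = bytearray(236)
    hdr[0], hdr[1], hdr[2] = 2, 1, 6             # op=BOOTREPLY, htype=Ethernet, hlen=6
    hdr[16:20] = ipaddress.IPv4Address(offered_ip).packed
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_ip).packed
    return bytes(hdr) + MAGIC_COOKIE + opts + b"\xff"

if __name__ == "__main__":
    print(check_reply(sample_reply("192.168.1.1", "192.168.1.100"), "02:00:00:00:00:01"))
```

The source MAC in the finding is what gets looked up in the bridge host table or wireless registration table to locate the port or client the reply came from.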