DHCP snooping with wirelss AP

Unanswered Question
Jul 30th, 2009

Hi Experts,


I have configured 3560 in L3 mode and it is working perfectly. No issue is found.


Recently i have configured DHCP SNOOPING & IP VERIFY SOURCE in all the ports of the switch for enabling anti spoofing. It is also working perfectly as getting the IP address from the DHCP server and not allowing the users to assign the IP Address on their own. They have to configure the PCs to get the IP Address only from DHCP server which is trusted port of the 3560 Switch


At this moment, I have a few CISCO 1310 Autonomous wireless Access points also connected to CE500 switch which is connected to this 3560 switch.


The requirement and the issue is I want these Access points to have static IP address and not from DHCP server. But the clients connecting to these Access points should get the IP address from the DHCP Server. These clients should not be able to assign the IP Address on their own, Even if they do so they should not be able to access the network, similar to they I configured the 3560 switch ports.


Hope the description is clear to understand.Kindly help me how to go with


sairam

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Peter Paluch Fri, 07/31/2009 - 00:48

Hello Sairam,


I suggest you connect your APs to the 3560 switch using trunk ports. The APs themselves should placed in some VLAN, say, 100, while the wireless clients should be placed in a different VLAN. Then, turn on the IP Source Guard on the trunk only for the wireless client VLAN.


Best regards,

Peter


Actions

This Discussion