Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

wlc 5508 layer2 security

Hi,

How can we enable layer 2 security (DAI,DHCP SNOOPING ...etc) on our wireless network?

Our wlc is 5508

 

  • Security and Network Management
3 REPLIES
VIP Purple

You need to implement those

You need to implement those feature in your switch network for wireless vlans if you really required these features.

This will give you an basic understanding of how DHCP snooping works

http://mrncciew.com/2012/12/27/understanding-dhcp-snooping/


I would suggest you to read "configuration guide" of the switch platform you are using to see more details of these two feature.

HTH

Rasika

**** Pls rate all useful responses ****

Hi  Manannalage,thanks for

Hi  Manannalage,

thanks for your reply.

but the problem is that the connection between WLC and the switch is TRUNK and allowed all wireless vlans ( almost 30 vlans) so any DHCP offer and REQUEST will be allowed as it's the trust interface !

P.s the SW acts like DHCP server.

VIP Purple

Just a point.Allo only

Just a point.

 

Check this doc, it may hlep you:http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/emob73dg/emob73/ch4_Secu.html

 

Allo only required VLANs on WLC connected port on Switch.

Example:

interface FastEthernet0/41
***description Cisco WLC ***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 5,8-10
switchport mode trunk
no shutdown

 

Regards

Dont forget to rate helpful posts

121
Views
0
Helpful
3
Replies
This widget could not be displayed.