wlc 5508 layer2 security

Mohamed ElHoussini · ‎09-02-2014

Hi,

How can we enable layer 2 security (DAI,DHCP SNOOPING ...etc) on our wireless network?

Our wlc is 5508

Rasika Nayanajith · ‎09-02-2014

You need to implement those feature in your switch network for wireless vlans if you really required these features.

This will give you an basic understanding of how DHCP snooping works

http://mrncciew.com/2012/12/27/understanding-dhcp-snooping/

I would suggest you to read "configuration guide" of the switch platform you are using to see more details of these two feature.

HTH

Rasika

**** Pls rate all useful responses ****

Mohamed ElHoussini · ‎09-03-2014

Hi Manannalage,

thanks for your reply.

but the problem is that the connection between WLC and the switch is TRUNK and allowed all wireless vlans ( almost 30 vlans) so any DHCP offer and REQUEST will be allowed as it's the trust interface !

P.s the SW acts like DHCP server.

Sandeep Choudhary · ‎09-03-2014

Just a point.

Check this doc, it may hlep you:http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/emob73dg/emob73/ch4_Secu.html

Allo only required VLANs on WLC connected port on Switch.

Example:

interface FastEthernet0/41
***description Cisco WLC ***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 5,8-10
switchport mode trunk
no shutdown

Regards

Dont forget to rate helpful posts