09-02-2014 11:47 AM - edited 07-05-2021 01:28 AM
Hi,
How can we enable layer 2 security (DAI, DHCP snooping, etc.) on our wireless network?
Our WLC is a 5508.
09-02-2014 12:53 PM
You need to implement those features in your switch network for the wireless VLANs if you really require these features.
This will give you a basic understanding of how DHCP snooping works:
http://mrncciew.com/2012/12/27/understanding-dhcp-snooping/
I would suggest you read the "configuration guide" of the switch platform you are using to see more details of these two features.
HTH
Rasika
**** Pls rate all useful responses ****
09-03-2014 12:39 AM
Hi Manannalage,
Thanks for your reply.
But the problem is that the connection between the WLC and the switch is a trunk that allows all wireless VLANs (almost 30 VLANs), so any DHCP offer and request will be allowed as it's the trusted interface!
P.S. The SW acts like a DHCP server.
09-03-2014 02:37 AM
Just a point.
Check this doc, it may help you: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/emob73dg/emob73/ch4_Secu.html
Allow only the required VLANs on the WLC-connected port on the switch.
Example:
interface FastEthernet0/41
 description *** Cisco WLC ***
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 5,8-10
 switchport mode trunk
 no shutdown
Regards
Don't forget to rate helpful posts
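
An added example, not part of any post in this thread: a Python check that reads an IOS-style config and reports, for each trunk port, the allowed VLAN list and whether the port is DHCP snooping trusted, the two properties discussed above for the WLC uplink. The sample config is constructed, and the function names `expand_vlans` and `audit_trunks` are hypothetical.

```python
import re

# Constructed sample config for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/40
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/41
 description *** Cisco WLC ***
 switchport trunk allowed vlan 5,8-10
 switchport mode trunk
!
interface FastEthernet0/1
 switchport mode access
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '5,8-10' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config):
    """Return {interface: {"allowed": sorted VLANs or None, "notes": [...]}} for trunks."""
    report = {}
    # Each stanza starts at an 'interface' header and runs to the next one.
    for stanza in re.split(r"(?m)^(?=interface )", config):
        lines = [line.strip() for line in stanza.splitlines()]
        if not lines or "switchport mode trunk" not in lines:
            continue
        allowed, notes = None, []
        for line in lines:
            m = re.match(r"switchport trunk allowed vlan (?:add )?([\d,\- ]+)$", line)
            if m:  # 'add' lines extend the list set by an earlier line
                allowed = (allowed or set()) | expand_vlans(m.group(1))
        if allowed is None:
            notes.append("no allowed-VLAN list: trunk carries every VLAN")
        if "ip dhcp snooping trust" in lines:
            notes.append("DHCP snooping trusted: server replies accepted on this port")
        report[lines[0].split(None, 1)[1]] = {
            "allowed": sorted(allowed) if allowed is not None else None, "notes": notes}
    return report

if __name__ == "__main__":
    for name, info in audit_trunks(SAMPLE_CONFIG).items():
        print(name, info)
```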