NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

msi's avatar
msi
Luminary
Jun 13, 2019

Wireless roaming and DHCP snooping - incompatible or tunable?

Hi there   I've tried enabling DHCP snooping on our M4300 switches but came to realize that this has rather caused me more issues than it prevented rogue DHCP servers in the network when it comes t...
msi's avatar
msi
Luminary
Jul 04, 2019

Although I'm still having an eye on it, I might have a potential solution - I was made aware about a specific options in another networking forum: In many cases, and mostly so with wireless APs, blocking a rogue DHCP server is usefuly while verifying the MAC address isn't, and in our case does seem to cause issues.

 

On M4300 "verification of the source MAC address with the client hardware address in the received DCHP message" is enable by default as soon as DHCP snooping is enabled globally (IPv4 or v6) and on the VLAN used by WiFi clients. It looks like roaming could actually cause the MAC verification to be tripped. The default value of with M4300 is actually inversed to the defaults in a number products from vendor with a bridge in its logo, however other vendors do have it enabled by default as well, it's not just a Netgear thing.

 

If you need to disable it, these are the options:

 

configure
no ip dhcp snooping verify mac-address
no ipv6 dhcp snooping verify mac-address

 

 

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More