Shulou(Shulou.com)06/01 Report--

Today's portable routers are very small and portable, and they are very popular because of their plug and play.

However, for the network administrators of the local area network, this little thing can do a lot of harm, such as:

Private devices bypass control and take up a lot of bandwidth resources.

Lead to IP address conflicts, affecting the normal operation of the network.

Provide illegal DHCP service so that other clients in the local area network get the wrong IP address.

I believe most network managers have been fooled by it. Today I'm going to share some common solutions. The most fundamental solution is to impose restrictions on the switch, mainly considering the following aspects:

The mac address of the switch port is bound to restrict the access of foreign devices.

The switch turns on the dhcp snooping function, which blocks untrusted dhcp broadcast packets.

However, the implementation of these functions of the switch requires hardware support, and the configuration and maintenance are relatively complex. So it is not easy for most users to implement. For a LAN environment without layer 3 switches, it is necessary to prevent private routers, not impossible misson. I have summarized the following points for your reference:

Modify the default IP address of the router. Most routers now default to 192.168.1.1 or 192.168.0.1. If you do not modify it, it is easy to conflict with the IP address of the privately connected router. It is suggested that it be modified to a similar IP segment of 172.16.0.1.

Configure IP-MAC bindings. After configuring IP-MAC binding on a gateway or switch device, none of the privately connected devices will be able to connect to the network. Naturally put an end to the idea of private equipment.

When there is a problem with the network, scan for private DHCP services or IP conflicts. You can quickly locate the problem.

An administrative order shall be issued to prohibit private access to network equipment, and violators shall be fined.

As long as you do the above, you no longer need to worry about private routers. As for tools such as IP-MAC binding and dhcp scanning, they can be easily implemented with WFilter. Here are some screenshots of related features:

DHCP scanning

Network health detection, can detect IP conflicts, ARP spoofing and other common network problems.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.