...

To detect rogue DHCP servers as soon as they appear in your network, use the DHCP Alert tool. It monitors the Ethernet interface for all DHCP replies and checks whether each reply comes from a valid DHCP server. If a reply from an unknown DHCP server is detected, an alert is triggered:

...

As DHCP replies can be unicast, the 'rogue DHCP detector' may not see offers sent to other DHCP clients at all. To deal with this, the rogue DHCP detector also acts as a DHCP client: it sends out DHCP discover requests once a minute.

Note

The DHCP alert is not recommended on devices that are configured as DHCP clients. Since the alert itself generates DHCP discovery packets, it can affect the operation of the DHCP client itself. Use this feature only on devices that are DHCP servers or that use a static IP address.

Sub-menu: /ip dhcp-server alert

Properties

| Property | Description |
|---|---|
| alert-timeout (none \| time; Default: 1h) | Time after which the alert will be forgotten. If the same server is detected after that time, a new alert will be generated. If set to none, the timeout never expires. |
| interface (string; Default: ) | Interface on which to run the rogue DHCP server finder. |
| on-alert (string; Default: ) | Script to run when an unknown DHCP server is detected. |
| valid-server (string; Default: ) | List of MAC addresses of valid DHCP servers. |

Read-only properties

| Property | Description |
|---|---|
| unknown-server (string) | List of MAC addresses of detected unknown DHCP servers. The server is removed from this list after alert-timeout. |

Menu specific commands

| Command | Description |
|---|---|
| reset-alert (id) | Clear all alerts on an interface |
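
The following Python model is an added example, not RouterOS code and not part of the original documentation. It shows how valid-server, unknown-server, alert-timeout, on-alert and reset-alert interact as described above. The class and function names are hypothetical, the MAC addresses are constructed, and it assumes the timeout is counted from the moment the alert was raised.

```python
# Added illustration of the alert state described above; not RouterOS code.
from typing import Callable, Dict, List, Optional

def norm(mac: str) -> str:
    """Canonical MAC form so 'aa-bb-..' and 'AA:BB:..' compare equal."""
    return mac.replace("-", ":").upper()

class DhcpAlert:
    def __init__(self, valid_server: List[str], alert_timeout: Optional[float] = 3600.0,
                 on_alert: Optional[Callable[[str], None]] = None):
        self.valid = {norm(m) for m in valid_server}
        self.alert_timeout = alert_timeout    # seconds (1h default); None models "none"
        self.on_alert = on_alert
        self._alerted: Dict[str, float] = {}  # unknown MAC -> time its alert was raised

    def _expire(self, now: float) -> None:
        if self.alert_timeout is None:        # "none": alerts are never forgotten
            return
        # Assumption: the timeout runs from the time the alert was raised.
        for mac, raised in list(self._alerted.items()):
            if now - raised >= self.alert_timeout:
                del self._alerted[mac]

    def observe_reply(self, server_mac: str, now: float) -> bool:
        """Feed the source MAC of one DHCP reply; True if a new alert fired."""
        mac = norm(server_mac)
        self._expire(now)
        if mac in self.valid or mac in self._alerted:
            return False                      # valid server, or already alerted
        self._alerted[mac] = now
        if self.on_alert:
            self.on_alert(mac)
        return True

    def unknown_server(self, now: float) -> List[str]:
        self._expire(now)
        return sorted(self._alerted)

    def reset_alert(self) -> None:
        self._alerted.clear()

def demo() -> List[str]:
    fired: List[str] = []
    mon = DhcpAlert(["00:00:5e:00:53:01"], alert_timeout=3600, on_alert=fired.append)
    # Constructed observations: (seconds since start, source MAC of the reply)
    for t, mac in [(0, "00:00:5E:00:53:01"), (60, "00:00:5e:00:53:aa"),
                   (120, "00:00:5e:00:53:aa"), (3700, "00:00:5e:00:53:aa")]:
        mon.observe_reply(mac, t)
    return fired  # one alert at t=60, a second at t=3700 after the first expired
```
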

DHCP Options

Sub-menu: /ip dhcp-server option

...