cloyne / network


Verify configuration of switches #31

Closed mitar closed 9 years ago

mitar commented 9 years ago

Switches should be configured so that DHCP traffic from non-routers cannot go through. We should check all switches and see if this was configured. We should check if we can configure this per port (so no non-router DHCP traffic can spread even around the same switch). Also, now that we moved the IP range of the router, do we have to change anything on the switches? Or is the rule based on the MAC address?

sreezon commented 9 years ago

It looks like it can only be done via ports (there's no other way to differentiate what a router is other than telling the switches what port it's on). We would have to enable it on that one port and disable it on everything else.

ahdinosaur commented 9 years ago

once upon a time this was configured, but the switches seem to reset their config when they feel like it. we did it by having the wire connected in the direction of the router always the highest (i think) physical port with that port allowing DHCP traffic and all other ports blocking DHCP traffic, so the physical ports might still be the same but the switch config may have been reset.

mitar commented 9 years ago

Hm. We should then document this and verify if physical ports are still connected in this way.

@sreezon101, can you do that? So:

sreezon commented 9 years ago

I'll do it Friday night.

sreezon commented 9 years ago

I was able to do all of them except C3 because that switch is locked inside a box that I don't have a key to. Also, all DHCP traffic has been transferred to port 1 (and is only allowed on port 1), which is now the default gateway port of all the switches I configured.
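The per-port rule discussed in this thread, modelled as an added Python example (not part of the thread and not any switch's firmware or configuration): DHCP server messages are accepted only on the router-facing port, taken as port 1 from the comment above, while client requests pass on any port. The function names, the fail-closed handling of malformed payloads and the sample payloads are assumptions constructed for illustration.

```python
TRUSTED_PORT = 1                      # router-facing port, per the comment above
MAGIC_COOKIE = b"\x63\x82\x53\x63"    # marks the start of DHCP options
SERVER_TYPES = {2, 5, 6}              # DHCPOFFER, DHCPACK, DHCPNAK

def dhcp_message_type(payload):
    """Return (op, message type) of a BOOTP/DHCP UDP payload; type is None if absent."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    op, i = payload[0], 240
    while i < len(payload):
        code = payload[i]
        if code == 255:               # end option
            break
        if code == 0:                 # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        if code == 53 and length == 1:
            return op, payload[i + 2]
        i += 2 + length
    return op, None

def permit(ingress_port, payload):
    """Decide whether a UDP 67/68 payload seen on ingress_port is forwarded."""
    try:
        op, mtype = dhcp_message_type(payload)
    except ValueError:
        return ingress_port == TRUSTED_PORT   # fail closed on access ports
    server_originated = op == 2 or mtype in SERVER_TYPES
    return ingress_port == TRUSTED_PORT or not server_originated

def build_payload(op, mtype):
    """Constructed sample: 236-byte BOOTP header, cookie, option 53, end."""
    return bytes([op, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + bytes([53, 1, mtype, 255])

if __name__ == "__main__":
    samples = [(1, 2, 2, "OFFER from router port"), (7, 2, 2, "OFFER from access port"),
               (7, 1, 1, "DISCOVER from access port")]
    for port, op, mtype, label in samples:
        verdict = "forward" if permit(port, build_payload(op, mtype)) else "drop"
        print(f"port {port}: {label}: {verdict}")
```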

mitar commented 9 years ago

Great!

@jmrtns, why is that one locked? Where is the key?

mitar commented 9 years ago

@sreezon101, can you do this? Did you get access to the locked cabinet?

ck2qsuZT commented 9 years ago

The cabinet is now unlocked so you can now configure it.

sreezon commented 9 years ago

All good.