Alta Labs switches allow for DHCP Guarding. DHCP guarding is a network security feature designed to protect against unauthorized or rogue DHCP servers within a network. In a typical network, a DHCP (Dynamic Host Configuration Protocol) server assigns IP addresses and network configuration parameters to devices automatically. However, if a rogue DHCP server—an unauthorized device or server providing DHCP services—is introduced into the network, it can disrupt normal operations by providing incorrect IP addresses, gateway settings, or DNS information. This can lead to network traffic being misrouted, security vulnerabilities, or even complete network outages. DHCP guarding prevents such disruptions by allowing network administrators to specify trusted DHCP servers on particular ports, ensuring that only valid DHCP responses are accepted, and blocking rogue DHCP offers from unauthorized sources.

NOTE: DHCP Guarding Automatic Mode only works on networks where the router shares the same MAC address between all VLANs, such as on Alta Labs Route10 networks. Manual mode, when configured with MAC addresses for all routers, can be used for other networks, as well. You simply need to input all applicable MAC addresses that DHCP Offers are sourced from, typically any and all LAN interfaces.

Options

Alta Labs offers 4 DHCP Guarding Options for switches:

• Disabled (Default) - No DHCP guarding is enabled
• Auto - Alta devices will determine the appropriate DHCP Server that will be allowed to provide DHCP services on the network and block all others.
  • If the switch is set for a dynamic/DHCP IP, the server that provided that dynamic address is considered trusted.
  • If the switch is set for a static IP, the device that is serving as the default gateway will be considered trusted.
• Manual - Provides a text box for the user to provide the MAC address(es) of the DHCP Server(s), which are then considered trusted DHCP Server and those will be allowed, all others will be blocked
• Auto + Manual - Combines the Automatic detection as well as allows for the entry of MAC address(es) for trusted DHCP Servers

How to Enable/Change

1. Start at the Settings tab at manage.alta.inc
2. Expand the Advanced section at the bottom
3. Locate the DHCP Guard option
4. Choose the desired option
   1. If you choose either Manual or Auto + Manual, you’ll need to supply the MAC address of the non-Alta DHCP Server that will be providing leases. This is typically the MAC address of the LAN side of your router.
5. The change takes effect immediately