this post was submitted on 07 Sep 2024
2 points (100.0% liked)
Technology
59651 readers
2640 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Why does the dhcp on the router affect the main network? I'd think that way it only needs to deal with the router, as opposed to all the devices connected to the router if it's passthrough?
Because that router will be broadcasting DHCP signals and offering IPs, conflicting with the authorized DHCP servers on the network. This wiki article will probably explain it better. I’m not so good with the words a such.
Here’s hoping these downvoters aren’t in charge of any networks. Not really sure what part of “a router is a DHCP server” you geniuses don’t understand.
A consumer router only operates DHCP on the LAN side. Presumably one would plug the WAN side into the university network, making this a non-issue.
Some of my other replies address that. Worked in IT on a college campus, and every class will have at least a few clueless users who just plug the cables into the LAN ports.
Makes sense. Would that not be trivially mitigated by just blocking dhcp responses from unapproved servers on the switch though?
Should be, yes. At that point it’s a question of how well the network was configured. I’d hope this wouldn’t be much of an issue these days - I did graduate from college in 2011, and I’m sure (hopeful) campus networks have improved since my student IT job days. These days my router config experience is from the ISP side. The only private network I’m responsible for is my own, thankfully!
I went to college in the mid-late 2010s and I recall they specifically banned WiFi routers, but when I checked what they meant specifically all they cared was that it didn’t broadcast on the 2.4 or 5 ghz spectrum and if it was all wired I was fine.
Definitely makes sense - security concerns aside, the less crowded the broadcast space, the happier all the APs are.
I don't know much about networking but that page seems to be about someone else setting up a dhcp server without the knowledge of the administrators or the users. In op's case the concerns about mitm attacks don't apply and the other concerns sound like problems that could arise in cases of misconfiguration or if the users aren't aware they're connected to a different network. I also couldn't see anything about it affecting the main network's performance
I mean, it’s all right there in the first two paragraphs. Keep in mind that by DHCP server we aren’t talking about something specifically set up by people with malicious intent. A home router is a DHCP server when not configured for pass through. Students who don’t know how routers actually work (we can’t all be IT nerds, lol) plug them into their dorm Ethernet jack, and now you’ve got an unauthorized device offering IP addresses that conflict with the authorized DHCP servers, which can quickly start causing issues with any new devices trying to connect to the network, and existing devices as their DHCP leases expire. Also keep in mind that we’re talking about a college network that will likely have local network resources for students like shared drives that would not be accessible to anyone connecting through the rogue device. Your IT department will quickly start getting complaints about the network that are caused by an access point you have no control over.
I see, I thought routers knew not to do dhcp on the Wan port
Typically they do. Which is great until you get a student who doesn’t understand WAN vs LAN and plugs both connections into the LAN ports. Never underestimate the power of a Stupid User.
They do.
If you plug the dorm ethernet jack into the LAN side of a consumer router, there's a chance they don't.
Sure, you can catch this if you watch the dhcp leases your router is handing out, but..
I'm assuming OP is at least smart enough to know that the port that's on its own/a different color/somehow different from the others is the one that goes into the wall. It sounds like they have at least that level of competence.
I’m sure OP is given the more technical nature of Lemmy users. But this thread about the average college student with no networking knowledge.
Which is all well and good until you get someone who plugs both connections into the LAN ports.
No. I'm downvoting because your first comments stated it will happen if the router is set up to offer leases. Not that it could happen if a user ignores the quick start guide that says "plug this port into the wall." Then got all pissy with that other guy who pointed out that your article was about DHCP servers, not routers.
I’m not getting pissy about anything. That’s projection on your part, reading a tone that wasn’t there. Just because you’re in a bad mood today doesn’t mean the rest of the internet is.
Ah! I just saw you specified if it’s configured for pass through. If it is configured for pass through, then yeah it likely won’t cause issues on the network. The DHCP server is the critical bit.
From a network management perspective, though, they still won’t want these because you have to trust all these college students are going to properly configure their devices - most of them won’t know how and won’t bother figuring it out. And then you still have the issue of a bunch of unmanaged access points to your network, which is just poor security.
Yeah a simple little unmanaged switch would solve all these issues for about $20 and probably wouldn't break the ToS.
Yeah. I think OP’s issue is they may have a few devices that are wireless only. Not sure of the best way to handle those.
Ah yeah just saw they specifically want to connect a VR headset wirelessly. I'm not real sure how to approach that either, if there's any kind of port on the headset at all they could potentially adapt it to RJ45 but that defeats the whole point.
If a wireless connection is a must OP is just going to have to disable SSID broadcast, restrict it to certain MACs, and try to lock it down as much as possible and hope for the best. If they do it right it'll won't interfere with other devices and no one will ever know.
I didn't, that's just bad grammar. Edited the comment