How to identify a rogue DHCP server, set email notification, and how to configure Client Isolation.

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello guys so in today's video i want us to have a look at how we can identify uh rogue dhcp server in our network uh then i also want us to look at how we can set up email notification and we are going to use gmail for that so that you can always receive an email notification whenever there is a rogue dhcp server in your network then after that i also want us to look at how we can prevent the same rogue dhcp server from interfering with your network and also from interfering with the the clients that you have on your network so how does a rogue dhcp server occur this is when probably a client by mistake has unplugged the one cable and plugged it on a different port which is not the one cable which is not the one part that is so in that case you'll find that the client's router will be sending back dhcp to your main router and to other clients as well so we want to be able to notice that and we also want to be able to prevent that from messing up the entire network and also from messing up with other people's work so let's start because i want us to use gns to achieve this so i already as you can see i already have my micro tick router over here and so let's log into it here it is so the first thing that i want us to do this is our core router so it's the one that is allowed to give out dhcp addresses it's the only one that's allowed to have dhcp addresses to your clients so let's set it up so let's start with the first of all creating a bridge so add okay so let's add some viewports inside that bridge uh let's start maybe with port three okay let's go to with the four okay okay that is already added four there okay let's add a third one maybe five okay let's leave it as that at that so let's give that bridge an ip address this should not be here so add so let's give it say 10.10 10 the one slash 24 and this is going to be on the bridge so apply okay so let's set up a dhcp server gtp server so dhcp this goes to the bridge next next next next maybe let's have these as a google dns okay next that's successful uh so that is done let me just confirm if i have internet connectivity here yeah i'm good so the router can be able to send an email so how do you want now to set up an alert for this so you want to go to ip dhcp server underlats then you want to come to add and the interface where your dhcp is is on the bridge and the valid server this is supposed to be the mac address of that bridge so let's get it we go to bridge then this is the mac address we copy that then we come and input it there then there's a script that you'll need to put here so that it can be able to send an email to you whenever there's a rogue dhcp server that has been identified so here is the script i'm going to leave this script down in the description so that you can be able to use it so let's copy this copy then we paste it there apply okay so the next thing that i want us to do is set up email for this so you need to come to tools email then the server here this is uh the gmail server and the ip for that is uh 74 dot 125 dot 1 42 dot 1 0 8 and the port number here is going to be 5 8 7 so and you should set this to yes then from this is going to be your email address the user is also going to be the email address and the password this is going to be the password that you use to log into your email address so i've already set up an email here let's just uh wait for it to open up here this is my email as you can see mr wisp so i'm going to use that let's write it here it's mr wisp 254 gmail.com copy paste that my password as well and that looks okay so you can apply so another important thing that you really need to do on your email side is uh to let me show you you need to come to email then come to your account here then you need to come to security then scroll all the way down then you need to turn on access for less secure apps so we need to turn this on so that you can be able to receive the email so that is updated so we can come back to our gmail then our micro tick so we can try and test if this will work so two it could be it's the same it's the same gmail address and from is the same gmail address our subject could be test mail and the body could also be test mail as well and let's send email let's come to our logs and see what happens if the email has been sent here you can see from the logs it says that email has been sent so let's go to our email yeah here's the email test mail so once that is done let's now try and uh input a rogue dhcp introduce a rogue dhcp in our network and see what happens if we are going to receive a notification for that so we are going to go back to gns let's add a second micro tick router which is going to act as now the rogue dhcp so let's start it then let's log into it using the console system is booting up let's wait for it to boot up just a minute there you are the default credentials of uh of a new microtech is admin the password remains empty you're going to say no it's requiring us to input a new password enter let me change the name for this system identity set name let's call this site one let's enable roman to roman set enable yes enter this is so that we can be able to access it through winbox you can check out my previous video about jns you're going to find out why so after that is done let's now create a link between the two and it's going to go to that port so let's log in through micro tick let's log in through inbox new win box and let's connect to roman so that we can be able to see the new the new microtic that we just brought up here it is connect so what we want to do is we want to set dhcp on this router so that it powers back dhcp to our main router something which should not be happening and see if we get an email notification for that so what we now need to do is uh we need to come to ip dhcp server let's create an iep first maybe we are going to do it on which port did we connect to this is uh ita1 okay so we come to this ip address let's add a new ip let's say 172.20.30.1 slash 24 this is going to ether1 apply okay so let's set up a dhcp so this one also goes to eta one next this is supposed to be 172. 172.20 30.0024 next next looks good it looks good next successful so let's open our main micro tick router open the logs and you can see that a rogue dhcp has been identified here is the log and you can also see that an email has been sent to our to our email account so you can now see you can you can see that the alert has been sent and you can now be able you should not be able to take the next course of action there it is so that is how you identify a rogue dhcp and that is how you also set up that is also how you set up email notification so that you can be notified in case such such a thing happens so uh how do we also prevent these from affecting our network so one thing that we need to do is uh client isolation so what you need to do is you come to [Music] interface i'm sorry you come to the bridge and the ports so you need to [Music] come to open the ports and the horizon value here should be one okay the next part horizon value should be one okay the next part horizon value should be one that is how you set up client isolation for micro tick so what this means is that any port with a horizon value of one is not supposed and it's it cannot be able to communicate to another port with the same horizon value of one so this means that all clans who are who are connected to that particular port this client is only going to communicate to that part and this client will not pollute clients who are on the next spot i'm i hope i'm clear on that and you can get what i'm trying to say here and uh the next thing is that let's say you have a ubiquity access point and maybe it has a numerous number of clients connected to it ubiquity also offers the when you go to wireless there's a place where you are also able to just click on client isolation and all these clients will now not be able to see each other and that is so important because when our client pollutes the dhcp this client will not be able to affect any other client in the network so guys thank you for that and uh if you have any questions regarding this please leave a comment down below so that i can know what you want me to to talk about next time what you want us to have a look if you have any questions please let me know and guys please let's grow this channel kindly subscribe leave a like and also share the video with your friends so that the channel can be able to grow as we proceed together so thanks for that and have a lovely day goodbye

Info

Channel: Mr. WISP_254

Views: 86

Rating: undefined out of 5

Keywords: mikrotik, ubiquiti, ubnt, pppoe, hotspot, wisp, bandwidth management, xceednet, network, wifi, mr.wisp254, Mr. WISP_254, brian onuko, onuko, oktiq, internet, vlan, unms, unifi, unifi controller, static ip, ip, mikrotik configuration, ubiquiti configuration, wisp africa, haplite, winbox, mikrotik for beginners, ubiquiti for beginners, tenda, tp link, tplink, router configuration, router, dashboard, dhcp

Id: 29sSNx1XLP8

Channel Id: undefined

Length: 17min 34sec (1054 seconds)

Published: Tue Oct 19 2021