Because that router will be broadcasting DHCP signals and offering IPs, conflicting with the authorized DHCP servers on the network. This wiki article will probably explain it better. I’m not so good with the words and such.
Comment on Student dorm does not allow wifi routers
Lojcs@lemm.ee 2 months ago
Why does the dhcp on the router affect the main network? I’d think that way it only needs to deal with the router, as opposed to all the devices connected to the router if it’s passthrough?
Confused_Emus@lemmy.dbzer0.com 2 months ago
bamboo@lemm.ee 2 months ago
A consumer router only operates DHCP on the LAN side. Presumably one would plug the WAN side into the university network, making this a non-issue.
Confused_Emus@lemmy.dbzer0.com 2 months ago
Some of my other replies address that. Worked in IT on a college campus, and every class will have at least a few clueless users who just plug the cables into the LAN ports.
bamboo@lemm.ee 2 months ago
Makes sense. Would that not be trivially mitigated by just blocking dhcp responses from unapproved servers on the switch though?
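An added example, not from any commenter in the thread: a simplified Python model of the switch-side filtering asked about above (commonly called DHCP snooping), which parses a DHCP message and drops server replies unless they arrive on a trusted port from an approved server. The addresses, the `snoop_verdict` and `build_sample` names, and the sample messages are constructed for illustration.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"            # marks the start of DHCP options
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only servers send

def parse_dhcp(payload):
    """Return (message_type, server_id) from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    msg_type = server_id = None
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:               # DHCP message type
            msg_type = value[0]
        elif code == 54 and length == 4:             # server identifier
            server_id = socket.inet_ntoa(value)
        i += 2 + length
    return msg_type, server_id

def snoop_verdict(payload, port_trusted, approved_servers):
    """Simplified model: drop server replies unless port and server are approved."""
    msg_type, server_id = parse_dhcp(payload)
    if msg_type not in SERVER_TYPES:
        return "forward"                             # client DISCOVER/REQUEST etc.
    if port_trusted and server_id in approved_servers:
        return "forward"
    return "drop"

def build_sample(msg_type, server_ip=None):
    """Constructed sample message: 236-byte fixed header, cookie, options."""
    op = 2 if msg_type in SERVER_TYPES else 1        # BOOTREPLY or BOOTREQUEST
    options = bytes([53, 1, msg_type])
    if server_ip:
        options += bytes([54, 4]) + socket.inet_aton(server_ip)
    return bytes([op, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + options + b"\xff"

APPROVED = {"10.0.0.2"}                              # hypothetical campus DHCP server
rogue_offer = build_sample(2, "192.168.1.1")         # constructed: router on a dorm jack
print(snoop_verdict(rogue_offer, False, APPROVED))   # drop
```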
Lojcs@lemm.ee 2 months ago
I don’t know much about networking but that page seems to be about someone else setting up a dhcp server without the knowledge of the administrators or the users. In op’s case the concerns about mitm attacks don’t apply and the other concerns sound like problems that could arise in cases of misconfiguration. I also couldn’t see anything about it affecting the main network’s performance.
Confused_Emus@lemmy.dbzer0.com 2 months ago
I mean, it’s all right there in the first two paragraphs. Keep in mind that by DHCP server we aren’t talking about something specifically set up by people with malicious intent. A home router is a DHCP server when not configured for pass through. Students who don’t know how routers actually work (we can’t all be IT nerds, lol) plug them into their dorm Ethernet jack, and now you’ve got an unauthorized device offering IP addresses that conflict with the authorized DHCP servers, which can quickly start causing issues with any new devices trying to connect to the network, and existing devices as their DHCP leases expire. Also keep in mind that we’re talking about a college network that will likely have local network resources for students like shared drives that would not be accessible to anyone connecting through the rogue device. Your IT department will quickly start getting complaints about the network that are caused by an access point you have no control over.
Lojcs@lemm.ee 2 months ago
I see, I thought routers knew not to do dhcp on the WAN port.
Confused_Emus@lemmy.dbzer0.com 2 months ago
Ah! I just saw you specified if it’s configured for pass through. If it is configured for pass through, then yeah it likely won’t cause issues on the network. The DHCP server is the critical bit.
From a network management perspective, though, they still won’t want these because you have to trust all these college students are going to properly configure their devices - most of them won’t know how and won’t bother figuring it out. And then you still have the issue of a bunch of unmanaged access points to your network, which is just poor security.
nomous@lemmy.world 2 months ago
Yeah a simple little unmanaged switch would solve all these issues for about $20 and probably wouldn’t break the ToS.
Confused_Emus@lemmy.dbzer0.com 2 months ago
Yeah. I think OP’s issue is they may have a few devices that are wireless only. Not sure of the best way to handle those.
nomous@lemmy.world 2 months ago
Ah yeah just saw they specifically want to connect a VR headset wirelessly. I’m not real sure how to approach that either, if there’s any kind of port on the headset at all they could potentially adapt it to RJ45 but that defeats the whole point.
If a wireless connection is a must OP is just going to have to disable SSID broadcast, restrict it to certain MACs, and try to lock it down as much as possible and hope for the best. If they do it right it won’t interfere with other devices and no one will ever know.
Lojcs@lemm.ee 2 months ago
I didn’t, that’s just bad grammar. Edited the comment