Is it possible to offer DHCP only to WiFi clients?

This is a terrible solution as a security measure...

1 Like

I wouldn't even consider it security at all.

The only thing you can do is make VLANs, then on that wired port only allow one specific VLAN that only has access to e.g. a WireGuard server, or only to the internet or whatever.

IEEE 802.1X was created to solve this need...

I confirm it worked like a charm. Thank you!

1 Like

Totally agree. Inconvenience is probably the better term :slight_smile:

This is not the only thing (as @eduperez points out, 802.1x addresses this, and there are a few other ways of dealing with it).

There is one other really simple security measure -- simply disconnect the port if it is not actively in use (the OP didn't specify if these are random, currently unused ports around the space, or if the goal is to prevent someone from using a port by unplugging another piece of equipment and plugging their device into that port instead, so this idea may be moot)... but if the concern is about unused ports, just unplug them from the switch and you have the best possible security :stuck_out_tongue_winking_eye:

2 Likes

Yes, that's why I mentioned that it was a kind of "security requirement". We recently had a security audit and this was one of their findings. Among a long, long list of recommendations, we have this issue. With this solution implemented, we can tick only this box, then we have other measures to implement.

1 Like

Ok, a "security audit"... it all makes sense now.

2 Likes
