Very often we receive call from panic system administrators from hotels complaining many of guest dont get internet . We get the calls specially because we have installed firewall in most of hotels here in Doha Qatar . We rush to the sight just to find that guest are getting IP's from some other DHCP servers and not from designated one . Most probably from some guest with small wireless booster or sort of equipments .
We feel sympathy toward this SA because they have multi-million worth switching infrastructure with core-switches that too with redundancy , IPS modules , fiber uplinks , wireless controllers and whatever you can name . But forgot one simple step - DHCP snooping .
So before it happens again please do following steps on your switches .
Enter "IP DHCP SNOOPING " on all switches to stop unauthorized DHCP .
And on the interface where you have actual DHCP server put "IP DHCP SNOOPING TRUST "
You need to make trunk port also "IP DHCP SNOOPING TRUST " ( to pass DHCP information from actual DHCP server through multiple switches )
Test it with a small DHCP equipment like D-Link router to confirm everything