Solved

DHCP ? How to Block a PC from getting an IP?

Posted on 2007-04-05
4
11,626 Views
Last Modified: 2012-06-22
Is there a way to  block a computer from gettting an IP from my DHCP server via MAC address?  I'm currently using Window 20003 standard as my DHCP server and from the DHCP lease properties I can see that one IP is being leased to a computer without a name but I can see his MAC address.  I'm just wondering what's the best way to block this pc from getting an IP?  

Thanks
0
Comment
Question by:Victor_Torres
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 16

Accepted Solution

by:
AdamRobinson earned 125 total points
ID: 18857123
Depending on what you're trying to do and what you have available, you_could_ just create a new DHCP scope with one address allowed, create a reservation for that MAC address, and block that subnet from having any access whatsoever.  

This is assuming you don't have ISA server installed.  

If you can let us know what you're trying to prohibit this user from doing, we may be able to provide you with simpler answers.
0
 
LVL 15

Assisted Solution

by:markpalinux
markpalinux earned 125 total points
ID: 18857354

If the computer is getting an ip, you should be able to view active leases and see the mac.
In dhcp admin mmc, select view add/remove columns, the "unique id" column lists the mac address.

if you can see the ip address, try to ping it then do "arp -a" and the mac should be in your address table.

I do not think you can block a specific mac, but you can setup a reservation for it, then give it an incorrect "router" option which will become the default gateway address for the dhcp client, you maybe even able to give it a incorrect ip address - which would prevent it from accessing items on your network.
0
 
LVL 4

Expert Comment

by:Mark Walden
ID: 18857941
What type of switchs are you using on you network?  Do they support MAC-Address authentication.  I now Foundry, Cisco, and HP ProCurve switch support this.  I happen to use Foundry.  If it is supported you will need to config IAS on one of you Windows servers.  Foundry and Cisco has a lot of White Papers on this.  This setup is not bulletproof, but to block to block a average user it works well.

This mayke some time to setup, but is a good proactive step in network security.
0
 

Author Comment

by:Victor_Torres
ID: 18863175
I'll split the points to adam and mark because both ideas are good advise.    
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question