Solved

DHCP ? How to Block a PC from getting an IP?

Posted on 2007-04-05
4
11,581 Views
Last Modified: 2012-06-22
Is there a way to  block a computer from gettting an IP from my DHCP server via MAC address?  I'm currently using Window 20003 standard as my DHCP server and from the DHCP lease properties I can see that one IP is being leased to a computer without a name but I can see his MAC address.  I'm just wondering what's the best way to block this pc from getting an IP?  

Thanks
0
Comment
Question by:Victor_Torres
4 Comments
 
LVL 16

Accepted Solution

by:
AdamRobinson earned 125 total points
ID: 18857123
Depending on what you're trying to do and what you have available, you_could_ just create a new DHCP scope with one address allowed, create a reservation for that MAC address, and block that subnet from having any access whatsoever.  

This is assuming you don't have ISA server installed.  

If you can let us know what you're trying to prohibit this user from doing, we may be able to provide you with simpler answers.
0
 
LVL 15

Assisted Solution

by:markpalinux
markpalinux earned 125 total points
ID: 18857354

If the computer is getting an ip, you should be able to view active leases and see the mac.
In dhcp admin mmc, select view add/remove columns, the "unique id" column lists the mac address.

if you can see the ip address, try to ping it then do "arp -a" and the mac should be in your address table.

I do not think you can block a specific mac, but you can setup a reservation for it, then give it an incorrect "router" option which will become the default gateway address for the dhcp client, you maybe even able to give it a incorrect ip address - which would prevent it from accessing items on your network.
0
 
LVL 4

Expert Comment

by:Mark Walden
ID: 18857941
What type of switchs are you using on you network?  Do they support MAC-Address authentication.  I now Foundry, Cisco, and HP ProCurve switch support this.  I happen to use Foundry.  If it is supported you will need to config IAS on one of you Windows servers.  Foundry and Cisco has a lot of White Papers on this.  This setup is not bulletproof, but to block to block a average user it works well.

This mayke some time to setup, but is a good proactive step in network security.
0
 

Author Comment

by:Victor_Torres
ID: 18863175
I'll split the points to adam and mark because both ideas are good advise.    
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question