Solved

DHCP ? How to Block a PC from getting an IP?

Posted on 2007-04-05
4
11,670 Views
Last Modified: 2012-06-22
Is there a way to  block a computer from gettting an IP from my DHCP server via MAC address?  I'm currently using Window 20003 standard as my DHCP server and from the DHCP lease properties I can see that one IP is being leased to a computer without a name but I can see his MAC address.  I'm just wondering what's the best way to block this pc from getting an IP?  

Thanks
0
Comment
Question by:Victor_Torres
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 16

Accepted Solution

by:
AdamRobinson earned 125 total points
ID: 18857123
Depending on what you're trying to do and what you have available, you_could_ just create a new DHCP scope with one address allowed, create a reservation for that MAC address, and block that subnet from having any access whatsoever.  

This is assuming you don't have ISA server installed.  

If you can let us know what you're trying to prohibit this user from doing, we may be able to provide you with simpler answers.
0
 
LVL 15

Assisted Solution

by:markpalinux
markpalinux earned 125 total points
ID: 18857354

If the computer is getting an ip, you should be able to view active leases and see the mac.
In dhcp admin mmc, select view add/remove columns, the "unique id" column lists the mac address.

if you can see the ip address, try to ping it then do "arp -a" and the mac should be in your address table.

I do not think you can block a specific mac, but you can setup a reservation for it, then give it an incorrect "router" option which will become the default gateway address for the dhcp client, you maybe even able to give it a incorrect ip address - which would prevent it from accessing items on your network.
0
 
LVL 4

Expert Comment

by:Mark Walden
ID: 18857941
What type of switchs are you using on you network?  Do they support MAC-Address authentication.  I now Foundry, Cisco, and HP ProCurve switch support this.  I happen to use Foundry.  If it is supported you will need to config IAS on one of you Windows servers.  Foundry and Cisco has a lot of White Papers on this.  This setup is not bulletproof, but to block to block a average user it works well.

This mayke some time to setup, but is a good proactive step in network security.
0
 

Author Comment

by:Victor_Torres
ID: 18863175
I'll split the points to adam and mark because both ideas are good advise.    
0

Featured Post

Enroll in June's Course of the Month

June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question