[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 11875
  • Last Modified:

DHCP ? How to Block a PC from getting an IP?

Is there a way to  block a computer from gettting an IP from my DHCP server via MAC address?  I'm currently using Window 20003 standard as my DHCP server and from the DHCP lease properties I can see that one IP is being leased to a computer without a name but I can see his MAC address.  I'm just wondering what's the best way to block this pc from getting an IP?  

Thanks
0
Victor_Torres
Asked:
Victor_Torres
2 Solutions
 
AdamRobinsonCommented:
Depending on what you're trying to do and what you have available, you_could_ just create a new DHCP scope with one address allowed, create a reservation for that MAC address, and block that subnet from having any access whatsoever.  

This is assuming you don't have ISA server installed.  

If you can let us know what you're trying to prohibit this user from doing, we may be able to provide you with simpler answers.
0
 
markpalinuxCommented:

If the computer is getting an ip, you should be able to view active leases and see the mac.
In dhcp admin mmc, select view add/remove columns, the "unique id" column lists the mac address.

if you can see the ip address, try to ping it then do "arp -a" and the mac should be in your address table.

I do not think you can block a specific mac, but you can setup a reservation for it, then give it an incorrect "router" option which will become the default gateway address for the dhcp client, you maybe even able to give it a incorrect ip address - which would prevent it from accessing items on your network.
0
 
Mark WaldenInformation Security EngineerCommented:
What type of switchs are you using on you network?  Do they support MAC-Address authentication.  I now Foundry, Cisco, and HP ProCurve switch support this.  I happen to use Foundry.  If it is supported you will need to config IAS on one of you Windows servers.  Foundry and Cisco has a lot of White Papers on this.  This setup is not bulletproof, but to block to block a average user it works well.

This mayke some time to setup, but is a good proactive step in network security.
0
 
Victor_TorresAuthor Commented:
I'll split the points to adam and mark because both ideas are good advise.    
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now