I would like to find a way or a tool that will secure the DHCP Traffic by any mean except by logging all the Mac-addresses.
The case is as follows:
Windows based network all servers running win 2k3 and all clients running win xp, it's a world wide forest with one parent domain and child domain for each region.
No internal users uses DHCP for getting IPs, however some of them install virtual machines for "testing" and with no domain membership just let it run and it's simple as they get an IP from the DHCP.
Is there is a way to limit the users / computers from just running a computer and getting an IP directly?
The main problem with MAC address thing that we are also getting visitors from other region they are still members of the domain but I can't get the MAC addresses from all regions I mean it will be a bit over load specially for maintaining.
What about using IPSec?
Any comments or Ideas are more than welcome.