DHCP server not lease IP addresses for unauthorized computers/laptops?

Is there any way for DHCP server not lease IP addresses for unauthorized computers/laptops?
Our Domain Controller is Windows Server 2003.
Your suggestions are very much appreciated.
Thanks.


Ignatius.
ijeevanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

willettmeisterCommented:
Here is a discussion on this http://www.experts-exchange.com/Networking/Windows_Networking/Q_22118578.html.  In short because of the way that DHCP works it is not possible to easily limit which systems get addresses.
0
Hugh FraserConsultantCommented:
As the thread mentions, you're probably interested in limiting access to your network to authroized users only, and blocking a DHCP lease doesn't deny anyone from simply setting an address on their own, or simply sniffing traffic, which doesn't need an address at all.

there was an option not mentioned in the thread. In a switched network, the solution to controlling access is 802.1x, which forces users to authenticate themselves before to an authentication server (like a Radius server) before the switch port will grant them access to the network. This isn't a trivial undertaking, but it may be what you're looking for.
0
ijeevanAuthor Commented:
Yes hfraser, I am looking for what you said. And I have a Radius server for my Wireless Network. But how do I implement this in Wired network. How will I force the users to authenticate themselves?
Your response is very much appriciated. Thanks.
0
Hugh FraserConsultantCommented:
802.1x is a lot to discuss in this forum. In a nutshell:

In both the wired and wireless scenarios, you need switches capable of 802.1x authentication. The switches place an un-authenticated device in a vlan with access to a small number of machines. These machines perform authentication, as well as provide any additional service required (AV updates, etc.). Only after the machine passes is connected to a production vlan and allowed access to the network.

There are two authentication steps; the first is to the radius server to gain network access, and the second is typically to a domain in the Microsoft world. These can be two different userspaces, or a single on if the radius server authenticates against, foir instance, AD. Different vendors have different solutions to deal with multiple logins.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
E-Commerce

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.