Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

DHCP server not lease IP addresses for unauthorized computers/laptops?

Posted on 2008-10-22
4
617 Views
Last Modified: 2013-11-18
Is there any way for DHCP server not lease IP addresses for unauthorized computers/laptops?
Our Domain Controller is Windows Server 2003.
Your suggestions are very much appreciated.
Thanks.


Ignatius.
0
Comment
Question by:ijeevan
  • 2
4 Comments
 
LVL 11

Expert Comment

by:willettmeister
ID: 22774774
Here is a discussion on this http://www.experts-exchange.com/Networking/Windows_Networking/Q_22118578.html.  In short because of the way that DHCP works it is not possible to easily limit which systems get addresses.
0
 
LVL 12

Expert Comment

by:hfraser
ID: 22775224
As the thread mentions, you're probably interested in limiting access to your network to authroized users only, and blocking a DHCP lease doesn't deny anyone from simply setting an address on their own, or simply sniffing traffic, which doesn't need an address at all.

there was an option not mentioned in the thread. In a switched network, the solution to controlling access is 802.1x, which forces users to authenticate themselves before to an authentication server (like a Radius server) before the switch port will grant them access to the network. This isn't a trivial undertaking, but it may be what you're looking for.
0
 

Author Comment

by:ijeevan
ID: 22820500
Yes hfraser, I am looking for what you said. And I have a Radius server for my Wireless Network. But how do I implement this in Wired network. How will I force the users to authenticate themselves?
Your response is very much appriciated. Thanks.
0
 
LVL 12

Accepted Solution

by:
hfraser earned 500 total points
ID: 22828910
802.1x is a lot to discuss in this forum. In a nutshell:

In both the wired and wireless scenarios, you need switches capable of 802.1x authentication. The switches place an un-authenticated device in a vlan with access to a small number of machines. These machines perform authentication, as well as provide any additional service required (AV updates, etc.). Only after the machine passes is connected to a production vlan and allowed access to the network.

There are two authentication steps; the first is to the radius server to gain network access, and the second is typically to a domain in the Microsoft world. These can be two different userspaces, or a single on if the radius server authenticates against, foir instance, AD. Different vendors have different solutions to deal with multiple logins.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Every business owner understands the significance of online customer reviews and the impact it can have on sales and revenues. With technology advancing at such a rapid pace, getting online reviews has never been easier, especially when many regions…
Learn about the eCommerce marketing trends for the year ahead.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question