Softech99754096
asked on
Restrict DCHP / Issue different Default Gateway to Domain Members
Is it possible to restrict issuing of DHCP leases to Domain Members only? Or to issue a different default gateway based on Domain Membership?
From what I know already and research so far it does not look to be possible.
Group Policy currently points Domain Members to an ISA Proxy Server via IE Settings.
I would like to ensure that non-domain members which connect to the network are either directed to the Proxy or, directed to a different Default Gateway (which is on a connection which is restricted via another method.).
Is the only way to do this for the Router/Firewall that is normally issued as the default gateway (and is the Gateway for the ISA Server) to only accept web traffic from the ISA Server?
Or is there a way to only issue DHCP Leases to Domain Members?
Given PXE booting exists I'm assuming DHCP is picked up long before Domain Credentials are checked for?
From what I know already and research so far it does not look to be possible.
Group Policy currently points Domain Members to an ISA Proxy Server via IE Settings.
I would like to ensure that non-domain members which connect to the network are either directed to the Proxy or, directed to a different Default Gateway (which is on a connection which is restricted via another method.).
Is the only way to do this for the Router/Firewall that is normally issued as the default gateway (and is the Gateway for the ISA Server) to only accept web traffic from the ISA Server?
Or is there a way to only issue DHCP Leases to Domain Members?
Given PXE booting exists I'm assuming DHCP is picked up long before Domain Credentials are checked for?
You could do it if you want to input the MAC Address of each machine for a reserved DHCP lease, but that is even more maintenance than static IP addresses. I don't think it is possible, though, outside that.
ASKER
That is not an option. It would be an administrative nightmare as there are approximately 200 client machines on the network.
You could VLAN those machines and have a seperate DHCP scope for them...
ASKER
Hmm.. yes, though I don't know if the Switches in use support multiple VLan's.
If I were to do that I would have to then have multiple DHCP servers - connecting each to an appropriate VLan, right?
If I were to do that I would have to then have multiple DHCP servers - connecting each to an appropriate VLan, right?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.