Solved

Restrict DCHP  / Issue different Default Gateway to Domain Members

Posted on 2009-03-30
8
415 Views
Last Modified: 2012-05-06
Is it possible to restrict issuing of DHCP leases to Domain Members only? Or to issue a different default gateway based on Domain Membership?

From what I know already and research so far it does not look to be possible.

Group Policy currently points Domain Members to an ISA Proxy Server via IE Settings.
I would like to ensure that non-domain members which connect to the network are either directed to the Proxy or, directed to a different Default Gateway (which is on a connection which is restricted via another method.).

Is the only way to do this for the Router/Firewall that is normally issued as the default gateway (and is the Gateway for the ISA Server) to only accept web traffic from the ISA Server?

Or is there a way to only issue DHCP Leases to Domain Members?
Given PXE booting exists I'm assuming DHCP is picked up long before Domain Credentials are checked for?
0
Comment
Question by:Softech99754096
  • 3
  • 2
8 Comments
 
LVL 31

Expert Comment

by:Justin Owens
ID: 24020261
You could do it if you want to input the MAC Address of each machine for a reserved DHCP lease, but that is even more maintenance than static IP addresses.  I don't think it is possible, though, outside that.
0
 

Author Comment

by:Softech99754096
ID: 24026892
That is not an option. It would be an administrative nightmare as there are approximately 200 client machines on the network.
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 24028224
You could VLAN those machines and have a seperate DHCP scope for them...
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Softech99754096
ID: 24028566
Hmm.. yes, though I don't know if the Switches in use support multiple VLan's.

If I were to do that I would have to then have multiple DHCP servers - connecting each to an appropriate VLan, right?
0
 
LVL 31

Accepted Solution

by:
Justin Owens earned 25 total points
ID: 24032386
No, you can have multiple scopes on one DHCP server.  I use one Server 2003 DHCP server to farm out 97 different scopes for 92 different locations.
0
 
LVL 7

Assisted Solution

by:hau_it
hau_it earned 25 total points
ID: 24145545
Try to search the DHCP option classes.
With this configuration you can assign classes to to the users and each Class gets its own DHCP configuration.
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
windows server 2012 R2 DHCP clustering ? 5 47
Price for Fiber 13 60
Is Fedora an appropriate distro for the environment. 7 86
SSL-VPN 1 43
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question