Solved

Restrict DCHP  / Issue different Default Gateway to Domain Members

Posted on 2009-03-30
8
417 Views
Last Modified: 2012-05-06
Is it possible to restrict issuing of DHCP leases to Domain Members only? Or to issue a different default gateway based on Domain Membership?

From what I know already and research so far it does not look to be possible.

Group Policy currently points Domain Members to an ISA Proxy Server via IE Settings.
I would like to ensure that non-domain members which connect to the network are either directed to the Proxy or, directed to a different Default Gateway (which is on a connection which is restricted via another method.).

Is the only way to do this for the Router/Firewall that is normally issued as the default gateway (and is the Gateway for the ISA Server) to only accept web traffic from the ISA Server?

Or is there a way to only issue DHCP Leases to Domain Members?
Given PXE booting exists I'm assuming DHCP is picked up long before Domain Credentials are checked for?
0
Comment
Question by:Softech99754096
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
8 Comments
 
LVL 31

Expert Comment

by:Justin Owens
ID: 24020261
You could do it if you want to input the MAC Address of each machine for a reserved DHCP lease, but that is even more maintenance than static IP addresses.  I don't think it is possible, though, outside that.
0
 

Author Comment

by:Softech99754096
ID: 24026892
That is not an option. It would be an administrative nightmare as there are approximately 200 client machines on the network.
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 24028224
You could VLAN those machines and have a seperate DHCP scope for them...
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Author Comment

by:Softech99754096
ID: 24028566
Hmm.. yes, though I don't know if the Switches in use support multiple VLan's.

If I were to do that I would have to then have multiple DHCP servers - connecting each to an appropriate VLan, right?
0
 
LVL 31

Accepted Solution

by:
Justin Owens earned 25 total points
ID: 24032386
No, you can have multiple scopes on one DHCP server.  I use one Server 2003 DHCP server to farm out 97 different scopes for 92 different locations.
0
 
LVL 7

Assisted Solution

by:hau_it
hau_it earned 25 total points
ID: 24145545
Try to search the DHCP option classes.
With this configuration you can assign classes to to the users and each Class gets its own DHCP configuration.
0

Featured Post

Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question