Solved

How To Prevent DHCP Lease To Non Authorized Clients

Posted on 2009-05-11
5
353 Views
Last Modified: 2012-05-06
Hello,

I am wondering if it is possible to prevent DHCP leases from being assigned from Windows Server 2008 to only MAC addresses that have been entered in to the Reservations section of the server.

Thanks,
Ryan
0
Comment
Question by:Ryan Rood
  • 2
  • 2
5 Comments
 
LVL 2

Expert Comment

by:Miele102
ID: 24357109
Why should you like that. It gives you more work because you must know the mac address from all your clients. Give the clients then a fixed ip adrress, but you must register them because to evoid ip conficts.
DHCP is must easier.
0
 
LVL 1

Author Comment

by:Ryan Rood
ID: 24357130
The problem is I need to be able to dynamically update information ... thus the DHCP server. I want to be able to lock it down to the MAC address so if they aren't on the list, I want the client to fail to find the DHCP server.

Is this possible?
0
 
LVL 57

Accepted Solution

by:
giltjr earned 250 total points
ID: 24357238
That is what NAC is about, http://en.wikipedia.org/wiki/Network_Access_Control.  

I don't think you can do it without special software.  

However what you can do is assigned to a different scope (IP subnet) and then using ACL's limit what they can do, to nothing.   You could setup a scope that does not have a default router/gateway, then they should be fairly restricted or setup a scope with no IP addresses it in.  The PC might then get a "169" address assigned which would be fairly useless.

Do you have managed switches where you could setup ACL's?
0
 
LVL 2

Assisted Solution

by:Miele102
Miele102 earned 250 total points
ID: 24357274
The only way you can try it is to make range in your dhcp scope for example, your dchp leases the range 192.168.0.0 to 192.168.0.254.
Set the address range to the number of clients say 15 clients, so the range would be 192.168.0.1 - 192.168.0.16. make reservations on mac address and then a new client would be rejected.
The only problem, you must always change your scope when a new client comes in your network or when a client is replaced, and that gives you more work.
So, can you give a reason why you would have it this way?
0
 
LVL 1

Author Comment

by:Ryan Rood
ID: 24363783
So basically I am limited to using 802.1x ... which I don't have the technology to use right now. Thanks for the suggestions. Restricting the DHCP like this won't work as I keey the ranges seperated.
0

Featured Post

The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

Join & Write a Comment

I have been working as System Administrators since 2003. I recently started working as a FreeLancer and was amazed to find out that very few people are taking full advantage of their Windows Server Machines. Microsoft Windows Server comes with so…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now