Solved

How To Prevent DHCP Lease To Non Authorized Clients

Posted on 2009-05-11
Last Modified: 2012-05-06
Hello,

I am wondering if it is possible to prevent DHCP leases from being assigned from Windows Server 2008 to only MAC addresses that have been entered into the Reservations section of the server.

Thanks,
Ryan
0
Question by:Ryan Rood
5 Comments
 
LVL 2

Expert Comment

by:Miele102
ID: 24357109
Why should you like that? It gives you more work because you must know the MAC address of all your clients. Give the clients a fixed IP address then, but you must register them to avoid IP conflicts.
DHCP is much easier.
0
 
LVL 1

Author Comment

by:Ryan Rood
ID: 24357130
The problem is I need to be able to dynamically update information ... thus the DHCP server. I want to be able to lock it down to the MAC address so if they aren't on the list, I want the client to fail to find the DHCP server.

Is this possible?
0
 
LVL 57

Accepted Solution

by:
giltjr earned 250 total points
ID: 24357238
That is what NAC is about, http://en.wikipedia.org/wiki/Network_Access_Control.  

I don't think you can do it without special software.  

However, what you can do is assign them to a different scope (IP subnet) and then, using ACLs, limit what they can do to nothing. You could set up a scope that does not have a default router/gateway, then they should be fairly restricted, or set up a scope with no IP addresses in it. The PC might then get a "169" address assigned, which would be fairly useless.

Do you have managed switches where you could set up ACLs?
0
 
LVL 2

Assisted Solution

by:Miele102
Miele102 earned 250 total points
ID: 24357274
The only way you can try it is to make a range in your DHCP scope. For example, your DHCP leases the range 192.168.0.0 to 192.168.0.254.
Set the address range to the number of clients, say 15 clients, so the range would be 192.168.0.1 - 192.168.0.16. Make reservations on MAC address and then a new client would be rejected.
The only problem is that you must always change your scope when a new client comes into your network or when a client is replaced, and that gives you more work.
So, can you give a reason why you would have it this way?
0
 
LVL 1

Author Comment

by:Ryan Rood
ID: 24363783
So basically I am limited to using 802.1x ... which I don't have the technology to use right now. Thanks for the suggestions. Restricting the DHCP like this won't work as I keep the ranges separated.
0
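
An added example, not part of the original thread: the goal discussed above is to keep MAC addresses that are not on the reservation list from getting a lease, and a complementary check is to review the DHCP server's audit log for leases that were handed to unlisted MACs. The sketch assumes the audit log's comma-separated column order (ID, Date, Time, Description, IP Address, Host Name, MAC Address) and event IDs 10 and 11 for new and renewed leases; the log lines, host names and MAC addresses are constructed.

```python
import csv
import io

# Event IDs in the Windows DHCP audit log: 10 = new lease, 11 = lease renewed.
LEASE_EVENTS = {"10", "11"}

def normalize_mac(mac):
    """Reduce a MAC in any common notation to 12 uppercase hex digits."""
    digits = "".join(c for c in mac if c.isalnum()).upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError("not a MAC address: %r" % mac)
    return digits

def unauthorized_leases(log_text, authorized_macs):
    """Return (date, time, ip, host, mac) for leases to MACs not on the list."""
    allowed = {normalize_mac(m) for m in authorized_macs}
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        # Skip the header line, blank lines and non-lease events.
        if len(row) < 7 or row[0].strip() not in LEASE_EVENTS:
            continue
        date, time, ip, host, mac = (row[i].strip() for i in (1, 2, 4, 5, 6))
        try:
            mac = normalize_mac(mac)
        except ValueError:
            pass  # keep the raw value; it cannot match the allow-list
        if mac not in allowed:
            findings.append((date, time, ip, host, mac))
    return findings

# Constructed sample in the assumed column order (not real data).
SAMPLE_LOG = """ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,05/11/09,08:00:01,Started,,,,
10,05/11/09,08:15:22,Assign,192.168.0.5,PC-ACCT01,001122AABB01
11,05/11/09,09:02:10,Renew,192.168.0.6,PC-ACCT02,001122AABB02
10,05/11/09,10:41:37,Assign,192.168.0.9,UNKNOWN-LAPTOP,0050DEADBEEF
"""
# Constructed reservation list, in two common MAC notations.
RESERVED = ["00-11-22-AA-BB-01", "00:11:22:aa:bb:02"]

if __name__ == "__main__":
    for hit in unauthorized_leases(SAMPLE_LOG, RESERVED):
        print("lease to unlisted MAC:", *hit)
```

A MAC address can be changed by the client, so a clean report only shows that no unlisted address was seen, not that every device is authorized.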

Question has a verified solution.
