Solved

How To Prevent DHCP Lease To Non Authorized Clients

Posted on 2009-05-11
Last Modified: 2012-05-06
Hello,

I am wondering if it is possible to prevent DHCP leases from being assigned from Windows Server 2008 to only MAC addresses that have been entered into the Reservations section of the server.

Thanks,
Ryan
Question by:Ryan Rood
5 Comments
 
LVL 2

Expert Comment

by:Miele102
ID: 24357109
Why would you want that? It gives you more work because you must know the MAC address of all your clients. Then give the clients a fixed IP address, but you must register them to avoid IP conflicts.
DHCP is much easier.
 
LVL 1

Author Comment

by:Ryan Rood
ID: 24357130
The problem is I need to be able to dynamically update information ... thus the DHCP server. I want to be able to lock it down to the MAC address so if they aren't on the list, I want the client to fail to find the DHCP server.

Is this possible?
 
LVL 57

Accepted Solution

by:
giltjr earned 250 total points
ID: 24357238
That is what NAC is about, http://en.wikipedia.org/wiki/Network_Access_Control.  

I don't think you can do it without special software.  

However, what you can do is assign them to a different scope (IP subnet) and then, using ACLs, limit what they can do to nothing. You could set up a scope that does not have a default router/gateway, then they should be fairly restricted, or set up a scope with no IP addresses in it. The PC might then get a "169" address assigned, which would be fairly useless.

Do you have managed switches where you could set up ACLs?
 
LVL 2

Assisted Solution

by:Miele102
Miele102 earned 250 total points
ID: 24357274
The only way you can try it is to make a range in your DHCP scope. For example, your DHCP leases the range 192.168.0.0 to 192.168.0.254.
Set the address range to the number of clients, say 15 clients, so the range would be 192.168.0.1 - 192.168.0.16. Make reservations on MAC address and then a new client would be rejected.
The only problem is that you must always change your scope when a new client comes into your network or when a client is replaced, and that gives you more work.
So, can you give a reason why you would have it this way?
0
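An added example, not part of the original thread: a Python check of the scope-sizing approach described in the answer above. It lists addresses in the range that have no reservation (and so can still be leased to any client) and active leases held by MACs with no reservation. The reservation and lease data are constructed and the function names are hypothetical; real input would come from an export of the server's reservations and leases.

```python
import ipaddress

def norm_mac(mac):
    """Normalise 00-11-22-AA-BB-CC / 00:11:22:aa:bb:cc to bare lowercase hex."""
    return mac.replace("-", "").replace(":", "").lower()

def audit_scope(start, end, reservations, leases):
    """reservations: {mac: ip}; leases: [(ip, mac)] exported from the DHCP server.
    Returns addresses still leasable to anyone, and leases held by unlisted MACs."""
    first = int(ipaddress.IPv4Address(start))
    last = int(ipaddress.IPv4Address(end))
    reserved = {norm_mac(m): ipaddress.IPv4Address(ip)
                for m, ip in reservations.items()}
    reserved_ips = set(reserved.values())
    # Any address in the range without a reservation is open to a new client.
    unreserved = [str(ipaddress.IPv4Address(n)) for n in range(first, last + 1)
                  if ipaddress.IPv4Address(n) not in reserved_ips]
    # Any active lease whose MAC is not on the reservation list is unexpected.
    unlisted = [(ip, mac) for ip, mac in leases if norm_mac(mac) not in reserved]
    return {"unreserved": unreserved, "unlisted_leases": unlisted}

# Constructed sample data: 15 reserved clients in the range from the post above.
RESERVATIONS = {f"00-11-22-33-44-{i:02X}": f"192.168.0.{i}" for i in range(1, 16)}
LEASES = [
    ("192.168.0.3", "00:11:22:33:44:03"),   # reserved client, other MAC notation
    ("192.168.0.16", "DE-AD-BE-EF-00-01"),  # constructed MAC with no reservation
]

def demo():
    return audit_scope("192.168.0.1", "192.168.0.16", RESERVATIONS, LEASES)

if __name__ == "__main__":
    report = demo()
    print("unreserved addresses:", report["unreserved"])
    print("leases to unlisted MACs:", report["unlisted_leases"])
```

An empty `unreserved` list means every address in the range is tied to a known MAC; any entry in `unlisted_leases` is a client that obtained an address without a reservation.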
 
LVL 1

Author Comment

by:Ryan Rood
ID: 24363783
So basically I am limited to using 802.1x ... which I don't have the technology to use right now. Thanks for the suggestions. Restricting the DHCP like this won't work as I keep the ranges separated.