How To Prevent DHCP Lease To Non Authorized Clients

Hello,

I am wondering if it is possible to prevent DHCP leases from being assigned from Windows Server 2008 to only MAC addresses that have been entered into the Reservations section of the server.

Thanks,
Ryan
Ryan Rood Asked:
 
giltjr Commented:
That is what NAC is about: http://en.wikipedia.org/wiki/Network_Access_Control.

I don't think you can do it without special software.

However, what you can do is assign them to a different scope (IP subnet) and then, using ACLs, limit what they can do to nothing. You could set up a scope that does not have a default router/gateway, then they should be fairly restricted, or set up a scope with no IP addresses in it. The PC might then get a "169" address assigned, which would be fairly useless.

Do you have managed switches where you could set up ACLs?
 
Miele102 Commented:
Why would you want that? It gives you more work because you must know the MAC addresses of all your clients. Then give the clients a fixed IP address, but you must register them to avoid IP conflicts.
DHCP is much easier.
 
Ryan Rood (Author) Commented:
The problem is I need to be able to dynamically update information ... thus the DHCP server. I want to be able to lock it down to the MAC address so if they aren't on the list, I want the client to fail to find the DHCP server.

Is this possible?
 
Miele102 Commented:
The only way you can try it is to make a range in your DHCP scope. For example, your DHCP leases the range 192.168.0.0 to 192.168.0.254.
Set the address range to the number of clients, say 15 clients, so the range would be 192.168.0.1 - 192.168.0.16. Make reservations on MAC address and then a new client would be rejected.
The only problem: you must always change your scope when a new client comes into your network or when a client is replaced, and that gives you more work.
So, can you give a reason why you would have it this way?
 
Ryan Rood (Author) Commented:
So basically I am limited to using 802.1x ... which I don't have the technology to use right now. Thanks for the suggestions. Restricting the DHCP like this won't work as I keep the ranges separated.
Question has a verified solution.
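
Miele102's suggestion in the thread (size the scope to the client count and reserve every address by MAC) can be checked against an export of the scope. The following is an added example, not part of the original thread; the function names and the sample scope, reservations and leases are constructed for illustration.

```python
import ipaddress

def normalize_mac(mac):
    """Reduce a MAC to 12 lowercase hex digits so 00-1A-.. and 00:1a:.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def audit_scope(start, end, reservations, leases):
    """Audit a scope that is meant to have every address reserved.

    reservations: {ip: mac}; leases: [(ip, mac)] currently handed out.
    Returns (unreserved_ips, foreign_leases).
    """
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError("scope end is below scope start")
    reserved = {ipaddress.IPv4Address(ip): normalize_mac(mac)
                for ip, mac in reservations.items()}
    # An address in the range with no reservation is still in the free pool.
    unreserved = [str(ipaddress.IPv4Address(n))
                  for n in range(int(first), int(last) + 1)
                  if ipaddress.IPv4Address(n) not in reserved]
    # A lease is foreign when its (ip, mac) pair matches no reservation.
    foreign = [(ip, mac) for ip, mac in leases
               if reserved.get(ipaddress.IPv4Address(ip)) != normalize_mac(mac)]
    return unreserved, foreign

# Constructed sample data: a four-address scope with one address left unreserved.
SCOPE = ("192.168.0.1", "192.168.0.4")
RESERVATIONS = {
    "192.168.0.1": "00-1A-2B-3C-4D-01",
    "192.168.0.2": "00-1A-2B-3C-4D-02",
    "192.168.0.3": "00-1A-2B-3C-4D-03",
}
LEASES = [
    ("192.168.0.1", "00:1a:2b:3c:4d:01"),
    ("192.168.0.2", "00-1A-2B-3C-4D-02"),
    ("192.168.0.4", "00-1A-2B-3C-4D-99"),
]

if __name__ == "__main__":
    unreserved, foreign = audit_scope(*SCOPE, RESERVATIONS, LEASES)
    print("addresses still available to unlisted clients:", unreserved)
    print("leases not matching any reservation:", foreign)
```

A clean report only means every lease matches a listed MAC; it does not authenticate the device, which is what the NAC/802.1X approach mentioned in the thread provides.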