Solved

How To Prevent DHCP Lease To Non Authorized Clients

Posted on 2009-05-11
Last Modified: 2012-05-06
Hello,

I am wondering if it is possible to prevent DHCP leases from being assigned from Windows Server 2008 to only MAC addresses that have been entered into the Reservations section of the server.

Thanks,
Ryan
Question by:Ryan Rood
5 Comments
 
LVL 2

Expert Comment

by:Miele102
ID: 24357109
Why would you want that? It gives you more work because you must know the MAC address of all your clients. Then give the clients a fixed IP address, but you must register them to avoid IP conflicts.
DHCP is much easier.
0
 
LVL 1

Author Comment

by:Ryan Rood
ID: 24357130
The problem is I need to be able to dynamically update information ... thus the DHCP server. I want to be able to lock it down to the MAC address so if they aren't on the list, I want the client to fail to find the DHCP server.

Is this possible?
0
 
LVL 57

Accepted Solution

by:
giltjr earned 250 total points
ID: 24357238
That is what NAC is about, http://en.wikipedia.org/wiki/Network_Access_Control.  

I don't think you can do it without special software.  

However, what you can do is assign them to a different scope (IP subnet) and then, using ACLs, limit what they can do to nothing. You could set up a scope that does not have a default router/gateway, then they should be fairly restricted, or set up a scope with no IP addresses in it. The PC might then get a "169" address assigned, which would be fairly useless.

Do you have managed switches where you could set up ACLs?
0
 
LVL 2

Assisted Solution

by:Miele102
Miele102 earned 250 total points
ID: 24357274
The only way you can try it is to make a range in your DHCP scope. For example, your DHCP leases the range 192.168.0.0 to 192.168.0.254.
Set the address range to the number of clients, say 15 clients, so the range would be 192.168.0.1 - 192.168.0.16. Make reservations by MAC address and then a new client would be rejected.
The only problem is that you must always change your scope when a new client comes into your network or when a client is replaced, and that gives you more work.
So, can you give a reason why you would have it this way?
0
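
Added example, not part of the original thread: a small audit for the reservation-only scope described in the comment above, reporting addresses in the range that have no reservation and leases held by MAC addresses that do not match a reservation. The function names, the input shapes (a reservation map and a lease list) and the sample data are assumptions constructed for illustration, not output from the Windows DHCP server.

```python
import ipaddress

def normalize_mac(mac):
    """Canonical form: 12 lowercase hex digits, separators removed."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def audit_scope(first_ip, last_ip, reservations, leases):
    """Check a scope that is meant to serve reserved clients only.

    reservations: {ip: mac} as entered on the DHCP server (assumed shape)
    leases:       [(ip, mac)] currently active leases (assumed shape)
    Returns (unreserved_ips, unauthorized_leases).
    """
    reserved = {ipaddress.ip_address(ip): normalize_mac(mac)
                for ip, mac in reservations.items()}
    start, end = ipaddress.ip_address(first_ip), ipaddress.ip_address(last_ip)
    # Any address in the range without a reservation can still be leased
    # to an unknown client, which defeats the setup.
    unreserved = [str(ipaddress.ip_address(n))
                  for n in range(int(start), int(end) + 1)
                  if ipaddress.ip_address(n) not in reserved]
    # A lease is authorized only if its MAC matches the reservation for that IP.
    unauthorized = [(ip, mac) for ip, mac in leases
                    if reserved.get(ipaddress.ip_address(ip)) != normalize_mac(mac)]
    return unreserved, unauthorized

# Constructed sample data (not taken from the thread).
RESERVATIONS = {
    "192.168.0.1": "00-1A-2B-3C-4D-01",
    "192.168.0.2": "00-1A-2B-3C-4D-02",
    "192.168.0.3": "00-1A-2B-3C-4D-03",
}
LEASES = [
    ("192.168.0.1", "00:1a:2b:3c:4d:01"),   # matches its reservation
    ("192.168.0.4", "de:ad:be:ef:00:99"),   # unknown client on a free address
]

if __name__ == "__main__":
    free, rogue = audit_scope("192.168.0.1", "192.168.0.4", RESERVATIONS, LEASES)
    print("addresses still open to any client:", free)
    print("leases held by non-reserved MACs:", rogue)
```

An empty first list means the scope has no address left for unknown clients; the second list is what to review when it is not empty.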
 
LVL 1

Author Comment

by:Ryan Rood
ID: 24363783
So basically I am limited to using 802.1x ... which I don't have the technology to use right now. Thanks for the suggestions. Restricting the DHCP like this won't work as I keep the ranges separated.
0


Question has a verified solution.
