Network Restrictions

Thlware
Thlware used Ask the Experts™
on
Hi,

I have this technologies in my enviroment DHCP(windows Server), Checkpoint, Cisco Access switch 3550, AD 2008.

I have an issue, any machine can be plugged on the network and DHCP will dish out an IP for that machine and that machine will have access to the network the only thing that can stop that person to have access is credentials in some cases by luck if they get the IP that have access to the internet automatically have access to the internet.

I need to know with the tools i have can i control this network access or we need to investigate another tool that can control access to our network.

Basically we looking at something that will make the PC usless after giving an IP only us we can start giving it privilleges up on request. Or maybe getting meseare from the DHCP server to meet certain criteria before dishing out IP adress, Please advice.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
A simple way to stop internet access is to have a range of IPs that have access but dont get issued (ie not part of the DHCP pool).

When a machines gets an IP they cant do much without login details etc - and no internet access.

If the User/PC needs internet access you can configure a Reserved IP Address...

Hope this helps
If I'm understanding the question correctly, what you need is a means of controlling who can access which resource, including the internet.

Windows Server 2008 already has the tools to enable you to define user access rights and privileges. For example, you can set up and configure user groups with the a particular set of rights and privileges, and just add users requiring that set to that group. This is the simplest scenario though; when you have users in multiple groups things can get complicated...

Internet access can be controlled by your firewall or even your switch; the Checkpoint unit will probably allow access schedules to be set based on IP or MAC addresses.

Commented:
dot1x authentification with cisco is the answer

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial