Link to home
Start Free TrialLog in
Avatar of yodaa

asked on

DHCP lease issue ?


I have noticed that when clients come to our office and when they use our WIFI or if they use our Ethernet connection I can see theirs Laptops on my DHCP lease and also on network mapping. Could you tell me how to block it  and why is it happening ? they are not in my Domain so how can I see theirs laptops on my server and network?

Is there any way to put Security rules for DHCP ?

thank you for help
Avatar of Edward Pamias
Edward Pamias
Flag of United States of America image

In my office we block by MAC address. If the MAC address is not registered on our Network Access Control portal then they wont have access to the network. Do you have the ability to do that?
Yes, you can block by using 802.1x which means only known/systems that are issued cents can auth/validate on the switch as authorized, then assigned toa vlan that is then have access to the DHCP to get an ip oneobe svope versus getting an ip on a different scope.
The wifi they have to know your wifi ssid as well as password.
What is your goal here?  

If you wish to support anonymous machines connecting to your infrastructure, then they need an IP address. This is usually supplied by a DHCP server.

The fact they are connecting via Wireless would tend to indicate they are being given a password and permitted to connect to your infrastructure.

Maybe you could set up a 2nd VLAN (or network) just for visitors, and have them connect to a different WAP or network port?  This would keep them isolated, but would of course require a second WAP and some reconfiguration and management.
Another thing you can do is create an exclusion range for your entire DHCP scope and then assign reservations to individual machines based on their MAC address.  Only computers with reservations will get addresses.

This could be a monumental pain in the rear, though... depending on the size of your network.

Of course, as arnold and Malmensa pointed out, the question remains "How are they getting on your WiFi if you don't want them there?"
Avatar of yodaa


Ah okay.

our clients need have access to out WIFI :(

I read something that I can create rules for example computer without antivirus software or not with the latest update wont be able to connect to our network. Am I correct?
Well, yeah... if you have the right endpoint security software system in place.  But, you can't do that out of the box.
You could also set up a "guest" wifi network on another subnet.
Depending on your WiFi AP/Routers this MAY BE doable directly or you may have to add another WiFi gateway/router for that purpose. A cheap Linksys or TP-Link router would do the trick...
Avatar of Mal Osborne
Mal Osborne
Flag of Australia image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial