DHCP problems

[Rob Devereux]

Has anyone got a fix for this?

I run a Windows 2000 Server Domain at a College. We have
been using Microsoft's DHCP to allot the Ip addresses to
students with network configuration information being sent
as part of the DHCP.

After the Blaster problem last year, it was felt that we
wanted to have more control over the IPs, so we introduced
a system of registration of MAC address and allotment of Ip
(in effect giving the users a static IP, except that they
have to dial-up to get it)

I have found that even though I have restricted the
addresses to be used and registered addresses to a single
MAC Address, where Xp and Windows 2000 clients are
concerned, they bypass this setup and just take any
address not actively being used at the time, causing lots
of Ip conflicts when the registered owner tries to use the
IP.

Anyone know a way to stop this - I suspect that it is a
symptom of them being more modern\same OSes and the same
principles as govern election of Master browsers is going
on?

Rob

 

[Dusko Savatovic]

Your system only proves that control of access by MAC and IP addresses is
inefficient, clumsy and should be abandoned. I'm afraid you cannot do much
unless you change your access control to something else. Students are
changing their settings because they find your system of registering MAC and
IP addresses complicated and when they want to get the job done, they take
shortcuts.

The proper way would be to segment your network and authenticate users. You
may consider installing ISA Server on your entry point subnet and requireing
students to authenticate to gain access to the rest of the network. There
may be other solutions like authenticating at the port of the switch, IPSEC
with AH (that may be overkill), smartcards, wireless security, RADIUS (IAS)
etc.

Dusko Savatovic

 

[Guest]

Rob

Are you using the DHCP server to reserve the IP address to the MAC address for the Windows clients?