DHCP Security

Carl Hilton

Is there a way to limit who can use DHCP, say by MAC address or even
machine/netbios name?

Carl
 
This question is frequently asked here, and the usual answer is either

1) to use DHCP reservations on the server to bind a particular MAC address / NIC card to a particular IP address [which might be a lot of work for the administrator to do if the network was large, and note that this would NOT prevent an intruder from choosing their own static IP address and getting on the network anyways];

2) use some form of per-user authentication at the switch, proxy server or firewall; and/or

3) use a network IDS product to monitor MAC address to IP address mappings [which would possibly generate a lot of false alarms and extra work and would just be detective and not preventative].
 
I got asked this question a couple of weeks ago. The answer is you can fill your DHCP with reservations, even dummy ones to fill your scope. At the router, you limit the addresses that can route out so static addresses cannot be used. In other words, you will have to have ALL reservations and only allow trusted systems through the router.

This is not a foolproof system because it is possible to modify your reported MAC address, so authentication would also be necessary to limit external access.

With a shared hub connected to the outbound router and a system running Surf Control Web Filter, you can even limit by time restrictions and destinations.
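A defender-side check that follows from the two replies above, added here as an example and not part of the thread: it compares the MAC-to-IP pairs seen in the gateway's neighbor table (the Linux `ip neigh` output format is assumed; the reservation list and table rows are constructed) against the DHCP reservations, and flags the cases the replies warn about: a known host on a self-chosen static address, a reserved address in use by a different MAC, and a host with no reservation at all.

```python
import re
from typing import List, Tuple

# Constructed sample: DHCP reservations as an administrator would configure
# them on the server (MAC -> reserved IP). All values are made up.
RESERVATIONS = {
    "00:11:22:33:44:01": "192.168.1.10",
    "00:11:22:33:44:02": "192.168.1.11",
    "00:11:22:33:44:03": "192.168.1.12",
}

# Constructed sample of `ip neigh` output as collected on the gateway.
NEIGH_TABLE = """\
192.168.1.10 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.11 dev eth0 lladdr 00:11:22:33:44:02 STALE
192.168.1.12 dev eth0 lladdr aa:bb:cc:dd:ee:ff REACHABLE
192.168.1.50 dev eth0 lladdr 00:11:22:33:44:03 REACHABLE
192.168.1.200 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.201 dev eth0 FAILED
"""

# Assumed line shape: "<ip> dev <if> lladdr <mac> <state>"; entries with no
# lladdr (e.g. FAILED) carry no MAC and are skipped.
NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-f:]{17}) ")


def parse_neigh(text: str) -> List[Tuple[str, str]]:
    """Return the (ip, mac) pairs found in neighbor-table output."""
    pairs = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip().lower())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def audit(pairs: List[Tuple[str, str]], reservations: dict) -> List[Tuple[str, str, str]]:
    """Classify each observed pair against the reservation list; matches are silent."""
    ip_to_mac = {ip: mac for mac, ip in reservations.items()}
    findings = []
    for ip, mac in pairs:
        if reservations.get(mac) == ip:
            continue  # reserved host on its reserved address: expected
        if mac in reservations:
            findings.append(("KNOWN_MAC_WRONG_IP", ip, mac))  # known NIC using a static IP
        elif ip in ip_to_mac:
            findings.append(("RESERVED_IP_FOREIGN_MAC", ip, mac))  # spoofed MAC or address conflict
        else:
            findings.append(("UNKNOWN_HOST", ip, mac))  # no reservation at all
    return findings


if __name__ == "__main__":
    for kind, ip, mac in audit(parse_neigh(NEIGH_TABLE), RESERVATIONS):
        print(f"{kind:24} {ip:16} {mac}")
```

As reply 3 above notes, this is a detective control: it reports hosts that bypassed the reservation scheme, it does not keep them off the wire.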

 