MAC authenticated DHCP

  • Thread starter Thread starter Jean
  • Start date Start date
J

Jean

Does anyone know if a Windows 2000 DHCP server can be
configured to perform MAC authentication prior to
assigning an IP address?
 
Hi Jean,

Not exactly, DHCP has no design specification to provide authentication,
but you can create a DHCP reservation for every client that you want to be
able to get an address and then exclude any unreserved addresses in your
scope.
Another possiblity is 802.1x which was designed to provide network
authentication. Of course you need hardware (switches) that support it.

Thanks,
Marc Reynolds
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
 
Thanks Marc.

I was hoping there was a way to configure the DHCP server
similar to the 802.1x devices so that we could prevent
customers/guests from getting an address on our corporate
LAN when they plug into a wall jack. I was hoping to
avoid reservations but that looks like the only way to go.

Thanks again for the advice!
Jean
-----Original Message-----
Hi Jean,

Not exactly, DHCP has no design specification to provide authentication,
but you can create a DHCP reservation for every client that you want to be
able to get an address and then exclude any unreserved addresses in your
scope.
Another possiblity is 802.1x which was designed to provide network
authentication. Of course you need hardware (switches) that support it.

Thanks,
Marc Reynolds
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and
Click to expand...
confers no rights.
 
Yes, reservations are the only way to go, but I would recommend (if
possible) using something other than DHCP + MAC as your authentication
solution. It is quite easy to spoof a MAC address in a DHCP transaction. .
..

--
==============================
Chris Edson
(e-mail address removed)
Tech Chat: Configuring and Deploying DHCP with Windows Server 2003.

November 20th, 10:00 AM PST

Join the Windows DHCP product development team for a chat on the new
features of DCHP in Windows Server 2003. If you've seen the Webcast on
Windows Server 2003 Infrastructure Networking Services
(http://www.microsoft.com/usa/webcasts/ondemand/2375.asp) in October or
recently downloaded the Windows 2003 Server Deployment Kit
(http://www.microsoft.com/downloads/details.aspx?familyid=d91065ee-e618-4810
-a036-de633f79872e), the team will be happy to take your questions on
deployment, configuration, and tools for implementing DHCP.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itcommunity/chats/Default.asp

This posting is provided "AS IS" with
no warranties, and confers no rights.
===============================
 
I don't know what you mean by MAC authentication but you
can force DHCP to assign a particular IP to a paticular
MAC address, I haven't seen authentication based upon a
MAC address or paticular range of MAC addresses.

I am currently in the process of using a Superscope and I
am using my MAC address to force an IP on my system from
one of my scopes.
 
Using MAC based VLAN's in your environment may achieve
what you are after.

Dale Wyman
 
Back
Top