More than 1 DHCP server


EN

Can I set a priority as to how a client reaches a DHCP server? I have two DHCP servers that have client reservations, ones that I have been authorized (by me) to receive valid IPs, and then I have another DHCP server, for those computers that people decide to bring in and not bring to me to get an ok (check for virus stuff or spyware), which gives out incorrect information.
I would want the first two (good information) servers to get hit first, and then the 3rd (bad info) to get hit. Is this even possible?
Thanks
 
EN said:
Can I set a priority as to how a client reaches a DHCP server? I have two DHCP servers that have client reservations, ones that I have been authorized (by me) to receive valid IPs, and then I have another DHCP server, for those computers that people decide to bring in and not bring to me to get an ok (check for virus stuff or spyware), which gives out incorrect information.
I would want the first two (good information) servers to get hit first, and then the 3rd (bad info) to get hit. Is this even possible?
Thanks

I don't think this is possible. DHCP requests are broadcasts, so the server
that is reached first and responds first, hands out the IP address.

Why don't you try working with reservations? You undoubtedly know the MAC
addresses of the PCs that are always present in the network. Just exclude
any other MAC addresses.

Kind regards,

V.
 
No. It is not. DHCP is not a security tool, in fact it is the
opposite,...using DHCP makes a system less secure. If security is a big
concern then DHCP should not be used and all machines should use static
addresses.

There are new methods being tried where some type of authentication must
occur before the machine is given an address,..but I don't have any
information on that. It is also difficult to get a grip on some of that
stuff without actually trying it and I don't have the "lab environment"
needed to be able to experiment with that.

There should be some guys in this group that have links to some of that
stuff,...I've seen them post it before.
 
Thanks Phil, Vaya for the replies.
I am using reservations as well as the "bogus" DHCP server. Reservations work well, but I was hoping there would be a way for a PC to hit a certain DHCP server first before the other. I knew the request was a broadcast, but was hoping there was some sort of option somewhere that would do what I asked.
ah well.


 
EN said:
Thanks Phil, Vaya for the replies.
I am using reservations as well as the "bogus" DHCP server. Reservations work well, but I was hoping there would be a way for a PC to hit a certain DHCP server first before the other. I knew the request was a broadcast, but was hoping there was some sort of option somewhere that would do what I asked.
ah well.

If you set 'deny unknown-clients' for the two DHCP servers that hand out
controlled addresses, only the third 'bogus' one will respond to clients
that have not been registered. It won't be a matter of 'hitting it first',
but untrusted clients simply only get an answer from the bogus server.
 
I don't believe that is an option in Windows 2000 Server ... if it is, I'd
love to know how it works. :-)
 
You're right, I didn't realize that. Silly that they did not put that in, it
seems such a trivial and useful feature

EN, guess your answer is: you can implement what you want if you migrate to
other DHCP servers ...

Richard G. Harper said:
I don't believe that is an option in Windows 2000 Server ... if it is, I'd
love to know how it works. :-)

--
Richard G. Harper [MVP Win9x] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


 
I'd still like to know how it is done. Do you have to create a list of
"trusted" MAC addresses? how else would a machine be identified as
"trusted".
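
As an added illustration (not posted by anyone in the thread): `deny unknown-clients` is a statement from ISC dhcpd, which the thread does not name, so the server software, addresses, MAC addresses and host names below are assumptions. It shows that the "trusted" list is simply the set of `host` declarations, and that the third server needs the same list so it stays silent for registered machines.

```conf
# --- Trusted servers 1 and 2: identical dhcpd.conf (constructed values) ---
deny unknown-clients;            # no offer unless a host block matches the MAC

subnet 192.0.2.0 netmask 255.255.255.0 {
  option routers 192.0.2.1;
  option domain-name-servers 192.0.2.53;
}

# The "trusted" list: one host block per registered machine.
# Both servers carry the same blocks, so either one gives the same answer.
host frontdesk-pc {
  hardware ethernet 00:00:5e:00:53:01;
  fixed-address 192.0.2.21;
}
host lab-pc {
  hardware ethernet 00:00:5e:00:53:02;
  fixed-address 192.0.2.22;
}

# --- Third ("bogus") server: its own, separate dhcpd.conf ---
# Assumes this server's interface has an address in 198.51.100.0/24.
subnet 198.51.100.0 netmask 255.255.255.0 {
  default-lease-time 300;        # short lease, so a machine that gets
  max-lease-time 300;            # registered later moves over quickly
  # No routers or DNS options: unregistered machines get a dead-end lease.
  pool {
    range 198.51.100.100 198.51.100.200;
    deny known-clients;          # never answer a registered machine
  }
}

# Same MACs with no fixed-address: this only marks the machines as
# "known", so the pool above skips them and the servers never race.
host frontdesk-pc { hardware ethernet 00:00:5e:00:53:01; }
host lab-pc       { hardware ethernet 00:00:5e:00:53:02; }
```

A `host` block matches on the MAC address the client itself sends, so this sorts cooperative machines onto the right server rather than authenticating them.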
 