Prevent a computer from getting an IP address in DHCP


Lars

Hi

Is there a way to prevent computers from getting an IP address in DHCP without
using a router? Because I have a domain (Domain A) and the users of that
domain shall access a neighbor domain (B), but I don't want to let the users
on the other domain (Domain B) get access to domain A. The problem is that
when I connect domain A to domain B, users on domain B get an IP address
from domain A.
 
Lars said:
Is there a way to prevent computers from getting an IP address in DHCP without
using a router? Because I have a domain (Domain A) and the users of that
domain shall access a neighbor domain (B), but I don't want to let the users
on the other domain (Domain B) get access to domain A. The problem is that
when I connect domain A to domain B, users on domain B get an IP address
from domain A.

Set up an IPsec Policy on the DHCP server for the DHCP ports (546/547) to
require security (integrity only) and Kerberos authentication. Unless
your domains trust each other, then you could set up a shared secret.

--
Matt Hickman
Army paymasters come in only two sizes; one sort shows you where the
book says that you can't have what you have coming to you; the second
digs through the book until he finds a paragraph that lets you have
what you need, even if you don't rate it.
Robert A. Heinlein (1907 - 1988)
_The Door Into Summer_ 1956
 
Create two Groups in Users and Groups giving the Domain A group access to
all network resources and the Domain B group limited network access.
 
Set up an IPsec Policy on the DHCP server for the DHCP ports (546/547) to
require security (integrity only) and Kerberos authentication. Unless
your domains trust each other, then you could set up a shared secret.

Another way to do this is with DHCP class id info. For example,
for every workstation that you want to be serviced by your DHCP
server, set them up with the 'feedme' DHCP class id for their LAN
NIC:

ipconfig /setclassid "local area connection" feedme

Then, at the DHCP server, you configure it to only parcel out
IP addresses to those adapters with the DHCP class ID set to feedme.

--
Matt Hickman
I think girls should be raised in the bottom of a
deep, dark sack until they are old enough to know
better. Then, when it came time, you could either
let them out or close the sack and throw them away,
whichever was the best idea.
- Robert A. Heinlein _Farmer in the Sky_
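
The server-side check behind the class-ID approach in the last post, as an added Python example that is not part of the thread or any DHCP server's own code. It parses a DHCPv4 message, reads option 77 (user class) and answers only when it equals `feedme`; `parse_options`, `should_offer`, `build_discover` and the sample packets are constructed here, and it assumes the client sends the class ID as the raw option value.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
OPT_PAD, OPT_END, OPT_USER_CLASS = 0, 255, 77
ALLOWED_CLASS = b"feedme"            # class ID used in the post

def parse_options(packet):
    """Return {option_code: value_bytes} from a DHCPv4 message."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCPv4 message")
    opts, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts

def should_offer(packet):
    """Serve only clients whose user class (option 77) equals ALLOWED_CLASS."""
    try:
        user_class = parse_options(packet).get(OPT_USER_CLASS)
    except ValueError:
        return False                 # malformed requests are never served
    # Assumption: raw value comparison. RFC 3004 framing (a length byte
    # before each class string) would need one more parsing step.
    return user_class == ALLOWED_CLASS

def build_discover(user_class=None):
    """Constructed sample DHCPDISCOVER; fixed fields other than op/htype/hlen are zero."""
    header = struct.pack("!BBBB", 1, 1, 6, 0) + bytes(232)  # 236-byte BOOTP header
    options = b"\x35\x01\x01"                               # option 53 = DHCPDISCOVER
    if user_class is not None:
        options += bytes([OPT_USER_CLASS, len(user_class)]) + user_class
    return header + MAGIC_COOKIE + options + b"\xff"
```

Option 77 is whatever the client puts in its request, so this filter selects cooperating clients rather than authenticating them.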
 