Secured DHCP ?

[Nathan Guidry]

Ok, here's the situation, how do you stop someone from unplugging their
workstation and plugging in their personal laptop and connect to your
network. Other than doing reservations for all the computers with dhcp, is
there a way to have a pool of MAC addresses that are allowed to get leases
from DHCP servers? Or, how would you stop a person from plugging into your
network and getting an IP address?

 

[Marc Reynolds [MSFT]]

DHCP doesn't have any built in security. Even if you could prevent a client
from getting a DHCP address, there is nothing from stopping him/her from
looking at the IP config on the network and statically configuring an
unauthorized client and access your network. The best security is to lock
down your shares and data carefully allowing only access to the
authenticated users you want to access it.
Reservations are the way to "have a pool of MAC address that are allowed to
get leases". Just make reservations for "authorized" clients and exclude any
unused addresses in the scope.


--

Thanks,
Marc Reynolds
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Sartan Dragonbane]

This sounds like a job for Cisco, static mac address mapping, and port
security!