Announcement

Collapse
No announcement yet.

DHCP Scope settings

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • DHCP Scope settings

    The present configured scope distributes the range of IP address and Default gateway (Router) address. How to configure the scope to distribute the IP and Default gateway address to some users and distribute only IP address for other users which helps to prevents them from access internet?.
    Note - All users are on the same subnet. (255.255.255.0)

  • #2
    Re: DHCP Scope settings

    My take of your explanation is that you have two groups of computers. Group A that is allowed to access the internet and Group B that is not allowed to access the internet.

    The way that we approach the problem depends on how important it is that the computers in Group B are blocked from the internet, how many computers we are dealing with and how much the amount of computers will change.

    If only a few computers are not allowed internet access you could always create a reservation for each computer with the gateway set to 0.0.0.0, this does require one entry for each computer not allowed to access internet and you will have to gather the MAC address of each network interface card in order to create the reservations.
    A wise man once said: "Assumption is the mother of all fu*k ups".

    Any advice I give is to the best of my knowledge, there is no guarantee what so ever that it will actually work in your particular scenario. I will not accept any responsibility for unexpected consequences, after all - you are taking advice from a complete stranger over the internet. =)

    Comment


    • #3
      Re: DHCP Scope settings

      what about a fake proxy by using a GPO?
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"

      Comment


      • #4
        Re: DHCP Scope settings

        Originally posted by Anders View Post
        My take of your explanation is that you have two groups of computers. Group A that is allowed to access the internet and Group B that is not allowed to access the internet.

        The way that we approach the problem depends on how important it is that the computers in Group B are blocked from the internet, how many computers we are dealing with and how much the amount of computers will change.

        If only a few computers are not allowed internet access you could always create a reservation for each computer with the gateway set to 0.0.0.0, this does require one entry for each computer not allowed to access internet and you will have to gather the MAC address of each network interface card in order to create the reservations.
        Hi Anders! thanks for the reply.

        Its very important to block the computers in Group B.
        The number of computers (Group A) to access internet is 35 and 65 computers (Group B) are blocked frm the internet. Very less amount of computer will change.
        Guess, it would be difficult to create reservation for 60 computers......... Is thr any user group policy in DHCP scopes???.....

        Comment


        • #5
          DHCP Scope settings

          The present configured DHCP scope distributes the range of IP address and Default gateway (Router) address. How to configure the scope to distribute the IP and Default gateway address to Group A (40 users) and distribute only IP address for Group B (60 users) which helps to prevents Group B from access internet?.
          Note - All users are on the same subnet. (255.255.255.0)

          Plz any1 help me

          Comment


          • #6
            Re: DHCP Scope settings

            Use ISA to prohibit Internet access to Group B.
            1 1 was a racehorse.
            2 2 was 1 2.
            1 1 1 1 race 1 day,
            2 2 1 1 2

            Comment


            • #7
              Re: DHCP Scope settings

              But windows server 2003 is not been installed with ISA server 2000, Is thr any other solution???

              Comment


              • #8
                Re: DHCP Scope settings

                you're other firewall?
                And ISA 2000 is a bit outdated...
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"

                Comment


                • #9
                  Re: DHCP Scope settings

                  yes, configured juniper SSG 140 firewall.

                  Comment


                  • #10
                    Re: DHCP Scope settings

                    jose2k_in,

                    Please dont double post as per forum rules:

                    http://forums.petri.com/announcement.php?f=25

                    I have merged your threads into 1 as both threads had replies. Consider this a warning.

                    Thanks

                    Michael
                    Michael Armstrong
                    www.m80arm.co.uk
                    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

                    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                    Comment


                    • #11
                      Re: DHCP Scope settings

                      give the users a static ipaddress via a reservation and give them a deny on the firewall.
                      Marcel
                      Technical Consultant
                      Netherlands
                      http://www.phetios.com
                      http://blog.nessus.nl

                      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                      "No matter how secure, there is always the human factor."

                      "Enjoy life today, tomorrow may never come."
                      "If you're going through hell, keep going. ~Winston Churchill"

                      Comment


                      • #12
                        Re: DHCP Scope settings

                        Moderator

                        Thank you very much

                        ________
                        Jose

                        Comment


                        • #13
                          Re: DHCP Scope settings

                          But the number of computer to block the internet access is quite more (60)...... I guess, wouldnt be a gud practice to keep reservation of 60 Ip address manually...

                          Comment


                          • #14
                            Re: DHCP Scope settings

                            yeah well... if you have some money there is quite a nice solution for it..

                            Install Windows 2003
                            Install ISA 2004/2006 in proxy mode in the domain.
                            Create a AD group for example deny_internet.
                            Add a ISA rule:
                            source: Internal networks
                            Destination External
                            protocols: all
                            users: Deny_internet

                            Place the rule above the allow rule and you're done...
                            Marcel
                            Technical Consultant
                            Netherlands
                            http://www.phetios.com
                            http://blog.nessus.nl

                            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                            "No matter how secure, there is always the human factor."

                            "Enjoy life today, tomorrow may never come."
                            "If you're going through hell, keep going. ~Winston Churchill"

                            Comment

                            Working...
                            X