Announcement

Collapse
No announcement yet.

DHCP Deny Certain Clients

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • DHCP Deny Certain Clients

    Hi,

    I have two networks one secure and one not so secure.

    How can I prevent secure users plugging their laptops in a getting an IP address from a DHCP server on the "not so secure" network? Both networks are win2k3 running MS DHCP. Is there a way of using class ID's?

    I know I can do it with Linux or using class ID's to give fake details like gateway and DNS but i want to stick with MS and want to prevent getting an IP all together.

    The 'not so secure' network is fairly relaxed so we are unable to restrict by MAC address.

    Thanks
    Last edited by korin; 29th April 2008, 09:41.

  • #2
    Re: DHCP Deny Certain Clients

    MS implements Class ID's also - why don't you use that? There is no other way to identify a client, before it has an IP address.


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you

    Comment


    • #3
      Re: DHCP Deny Certain Clients

      Originally posted by Stonelaughter View Post
      MS implements Class ID's also - why don't you use that? There is no other way to identify a client, before it has an IP address.

      I know MS uses class ID's but I can only set them to manipulate DHCP options. Is there away of denying leasing an address if your class ID matches a predifned one.

      My first thought was in the secure network run a script to assign a class ID to the laptops and if that class ID appeared on the 'not so secure' netowrk I could deny but I cant see a way of doing it.


      Cheers

      Comment


      • #4
        Re: DHCP Deny Certain Clients

        Not to deny, no - but you can give that class of laptop a nonsensical gateway such as 10.20.30.40 when your network is 192.168.0.0. No machine with this setup will ever talk on a LAN. You can also give it nonexistent DNS servers and WINS servers and a stupid DNS Suffix.


        Tom
        For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

        Anything you say will be misquoted and used against you

        Comment


        • #5
          Re: DHCP Deny Certain Clients

          Originally posted by Stonelaughter View Post
          Not to deny, no - but you can give that class of laptop a nonsensical gateway such as 10.20.30.40 when your network is 192.168.0.0. No machine with this setup will ever talk on a LAN. You can also give it nonexistent DNS servers and WINS servers and a stupid DNS Suffix.
          That's what I more or less decided to do but thought I would ask the audience. I didnt really want 'secure' device even getting an IP on the 'non secure' network.

          I might look in to win2008 NAP and see if that can do anything.

          Thanks for your help.

          Comment

          Working...
          X