No announcement yet.

Preventing the assign of an IP address by DHCP server

  • Filter
  • Time
  • Show
Clear All
new posts

  • Preventing the assign of an IP address by DHCP server

    Guys, How can I make our DHCP server not to assign an IP address to a guest system in our domain. Ex: Someone that brings its laptop and try to connects to our domain. I want to prevent our DHCP server to assign an IP address to the guest computer.

  • #2
    That's a problem. Microsoft DHCP does not have any built-in authentication features. No can do, not with MS technology.

    However if it's really important (i.e. security issues) then you should look into 802.1x-enabled switches.

    For example:

    IEEE 802.1X: Practical Port Control for Switches:

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services


    • #3
      There is no easy solution to prevent DHCP server issuing IPs to non
      domain clients.
      But you can isolate the network from another ways.
      If you are worried about attacks well you should be.
      Even without DHCP it's pretty easy to figure out what IPs you use on your local network.

      This would prevent any computer that is not part of domain to communicate with other members of domain since Kerberos is used for IPSec authentication.
      Problem here is the old operating systems win98, ME, 95 and NT (no possible).

      See this article from MS about IPSEC network isolation:

      And that one about How to use ipsec:

      Hope it helps [/url]
      MCSE w2k
      MCSA w2k - MCSA w2k MESSAGING
      MCDBA SQL2k


      • #4
        Well it depends on how big your network is. We have setup reservations for all our known clients and then there are none available for 'new' clients. Any new ones need to be added.

        For bulk ways of doing this you firstly need a tool to get mac addresses (i think we used GetMAC) and then use a resource kit tool called DHCPCMD that can add DHCP reservations in a batch file.
        Server 2000 MCP
        Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **


        • #5

          You have been warned, but you have chosen to ignore what we had to say. You have again copy&pasted without stating the source, making it look as if it was your own answer.
          (does Miha Pihler's response ring a bell ?)

          This kind of behavior is not welcome here. We appreciate your help to others till now and thank for that, but we are not ready to tolerate copyright infringements in these forums. Your nick has been banned. As I have mentioned before: the rules apply to everyone, no matter who you are !
          Guy Teverovsky
          "Smith & Wesson - the original point and click interface"