Announcement

Collapse
No announcement yet.

Deny host from Getting configuration from DHCP

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Deny host from Getting configuration from DHCP

    hello,
    How can I deny a host on a network from getting it's IP configuration from a DHCP server.
    what is the configuration can be done to prevent this host from being one of my network memebers.

    This host is not a specific host (i.e No fixed MAC).

    in other words
    How to prevent unauthorized MAC ( unknown) from getting it's TCP/IP configuration from DHCP Server.

  • #2
    Re: Deny host from Getting configuration from DHCP

    There is no easy solution to this problem...

    You can create a scope that is composed entirely of reserved IPs restricted by MAC (make sure to set the Restrict to Known MAC Address server
    parameter to True) however this will not stop someone from using a static IP, or you can implement 802.1x authentication but this requires a compatible
    operating systems, switches that can use it, a Certificate Authority, and an IAS server on the network.

    As far as I know there are no other ways to achieve what you're seeking at the server level.

    There are ways to restrict access to the network at the switch by ACL or you can create a quarantine VLAN, to which the dhcp clients have initial access and if subsequent tests are passed, they are then allowed out.
    Andrew

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: Deny host from Getting configuration from DHCP

      Originally posted by saudyonline
      hello,
      How can I deny a host on a network from getting it's IP configuration from a DHCP server.
      manually configure the TCP/IP properties of the host

      Originally posted by saudyonline
      what is the configuration can be done to prevent this host from being one of my network memebers.
      configure it with an APIPA address (169.254.xxx.xxx)
      Yesterday we stood at the edge of the abyss. Today we are a step further...

      Comment

      Working...
      X