Announcement

Collapse
No announcement yet.

two sets of ip address on dhcp

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • two sets of ip address on dhcp

    greetings!

    how can i give ip addresses on my domain where users can have either these two sets:

    1. users with a gateway

    192.168.1.x - ip address
    255.255.255.0 - sm
    192.168.1.2 - gw
    192.168.1.2 - dns

    2. users without a gateway
    192.168.1.x - ip address
    255.255.255.0 - sm

    192.168.1.2 - dns
    Last edited by kinalas; 3rd August 2014, 04:51.

  • #2
    Re: two sets of ip address on dhcp

    What will separate the users into the two sets?
    If machine, you could use reservations.
    If user, you could look into Network Access Protection using groups to filter them.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: two sets of ip address on dhcp

      they will be separated as users..

      though all users/machines must get their ip address through dhcp. My plan is to have two groups:

      1. A group that gets IP settings with Gateway
      2. A group that gets IP settings without Gateway
      Last edited by kinalas; 4th August 2014, 07:57.

      Comment


      • #4
        Re: two sets of ip address on dhcp

        Can't seem to find the solution yet after installing NAP
        Is it true that it will only work if the two groups will have different subnets

        Comment


        • #5
          Re: two sets of ip address on dhcp

          so do you want it to work on a basis of something like this:

          User A and User B are allowed to access the internet via gateway, user C and D are not.

          when user A logs on to Computer1, it should get a gateway address.
          If User C then logs on to that computer, they should not get access ?
          If User B logs on to the same cmputer, they will get a gateway.

          do you often have the users switching the computers they work on ? (or, switching the network ports they are plugged into?


          the reason I ask is, without having looked into NAC/NAP enough - what is UserA logs on to Computer1, starts performing a task (say, an upload or download that has an important business-use-case). They lock the workstation and go away.
          UserC comes along, logs on to that computer (using switch-user).
          does the computer then re-assign it's IP address ? thus breaking everything userA was doing?

          potentially, if you have a static fleet of computers, and static users who use them, this might be a suitable scenario for vlans..
          im just tryin to get my head around how it might work
          Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

          Comment


          • #6
            Re: two sets of ip address on dhcp

            when user A logs on to Computer1, it should get a gateway address.
            If User C then logs on to that computer, they should not get access ?
            If User B logs on to the same computer, they will get a gateway. (You're Right)

            Moreover, regardless on where user A or B uses a computer to log in, it should get a gateway address.
            Regardless where use C or D logs in, it should not get a gateway.

            Comment


            • #7
              Re: two sets of ip address on dhcp

              ok - but what about a scenario where user A and C are simultaneously logged on to the same computer? (for instance, UserA has locked it and walked away, userC has logged on to a different session)

              is your outcome here for them to not have internet access? there may be oter ways to acheive this.
              Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

              Comment


              • #8
                Re: two sets of ip address on dhcp

                Yes, I don't want to give them inet access but must still be on the same subnet. Any other suggestions is most welcome

                Comment


                • #9
                  Re: two sets of ip address on dhcp

                  Proxy server.
                  Either Forefront TMG (which might be end-of-life) or even something like Squid.
                  Make it an authenticating proxy - so use rhas to enter their username and password to access internet.

                  back it up with an employee IT policy that outlines what happens if they share their passwords.

                  make sure you review logs regularly so you can catch people using passwords on computers they don't belong
                  Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                  Comment


                  • #10
                    Re: two sets of ip address on dhcp

                    does it mean that there is no way i can solve it thru windows 2012 alone without implementng proxy

                    Comment


                    • #11
                      Re: two sets of ip address on dhcp

                      Originally posted by kinalas View Post
                      does it mean that there is no way i can solve it thru windows 2012 alone without implementng proxy
                      No.

                      IP Addresses are issued to a computer rather than a user.

                      What are you using as a firewall?? You MAY Be able to do something with that rather than implement a proxy but for fine grained access you need something else.

                      Comment

                      Working...
                      X