Restricting DHCP

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

bigsnowy

Thread Starter
Joined
Sep 26, 2000
Messages
122
Howdy Y'all I gotta use your Brain for a sec....

Is there any way to prevent unauthorized users from plugging in to my network/domain? (ie with laptops) and getting an IP?
I know that they will be very limited in movement even with them getting an IP but still I want to try and prevent it from happening period.

This is a large organization so assigning by MAC for each and every PC is not feasible and limiting the DHCP scope to the exact number of clients we currently have is not an option either.

This is a Windows 2000 domain with 90% Win2k Pro clients.

Thanks!
 
Joined
Feb 13, 1999
Messages
8,974
The problem is that a person does not have to log on to the domain to get an IP address and use the network, so even if you could block using Windows 2000 it would not really help. You mention the number one method, using MAC addresses, but it does require a lot of work. Another option is you could purchase routers or switches that offer port security. Or Cisco's URT (User Registration Tool), which can be tied to Windows IDs.
 
Joined
Jul 29, 2001
Messages
21,334
How are they logging in as unauthorized users in the first place? Don't you use some kind of authentication for users to access your network? What's wrong with a username and password? Windows and DHCP will not normally give an IP address unless they are authenticated by a login session.
 

bigsnowy

Thread Starter
Joined
Sep 26, 2000
Messages
122
I am actually looking into the URT recommendation right now.

They are not logging in as unauth. users right now, I was just trying to prevent unauthorized computers/laptops from plugging into the network and getting an IP from the DHCP.

They can't login but they are able to see the number scheme 192.168.x.x etc

All computers get an IP at boot up on a DHCP w/ automatic DHCP clients, not when they login.
 
Joined
Feb 13, 1999
Messages
8,974
The URT uses layer 2 and 3 switching. What you do with the URT is set up your local LAN with no default routed connections. A user is prompted for an ID and password and it's validated. If authorized, the user is then switched to a group they belong to, i.e. Accounting or Sales. The URT is pretty cool.
 
Joined
Oct 6, 2001
Messages
139
reconfig the DHCP server
use static. that will restrict any unwanted connection to your network, otherwise a laptop using Windows 98 will see your DHCP
 
Joined
Oct 6, 2001
Messages
139
i don't think there is any way to stop this.

the computer can't tell who is authorized and who is not, unless you do something on it.
 
Joined
Apr 25, 2008
Messages
3
Use IAS authentication. Set your switches for PEAP and use IAS w/ PEAP and certificates. You can set it for computer authentication only - then if you plug in a rogue machine that is not part of a domain it will fail to authorize and you will get an APIPA address and no connectivity.
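
Added example, not part of any post in this thread: because, as discussed above, the DHCP server hands out leases at boot rather than at logon, one way to see which non-domain machines are already getting addresses is to audit the Windows DHCP server audit log for leases to host names that are not domain computers. It assumes the log's CSV layout (ID, Date, Time, Description, IP Address, Host Name, MAC Address; event 10 = new lease, 11 = renewal); the log lines, the `corp.example` names and the `DOMAIN_COMPUTERS` inventory are constructed for illustration.

```python
import csv
from io import StringIO

# Audit-log event IDs that mean a client holds a lease.
LEASE_EVENTS = {"10": "new lease", "11": "renewal"}

# Constructed sample in the assumed audit-log CSV layout.
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,04/25/08,08:00:01,Started,,,
10,04/25/08,08:14:22,Assign,192.168.1.51,ACCT-PC01.corp.example,00A0C9112233
11,04/25/08,09:02:10,Renew,192.168.1.52,SALES-PC07.corp.example,00A0C9445566
10,04/25/08,09:40:37,Assign,192.168.1.77,JOES-LAPTOP,0010A4DEADBE
10,04/25/08,10:05:03,Assign,192.168.1.78,,0010A4C0FFEE
11,04/25/08,11:40:37,Renew,192.168.1.77,JOES-LAPTOP,0010A4DEADBE
"""

# Hypothetical inventory: computer account names exported from the domain.
DOMAIN_COMPUTERS = {"ACCT-PC01", "SALES-PC07"}


def short_name(host):
    """Reduce an FQDN or NetBIOS name to an upper-case host label."""
    return host.strip().split(".")[0].upper()


def find_unknown_leases(log_text, known_hosts):
    """Return one record per MAC that leased an address without a known host name."""
    known = {short_name(h) for h in known_hosts}
    unknown = {}
    for row in csv.reader(StringIO(log_text)):
        # Skip the header and any row that is not a lease event.
        if len(row) < 7 or row[0].strip() not in LEASE_EVENTS:
            continue
        _id, date, time, _desc, ip, host, mac = (f.strip() for f in row[:7])
        if short_name(host) in known:
            continue
        # Key on MAC so renewals by the same device collapse into one finding.
        rec = unknown.setdefault(mac.upper(), {
            "ip": ip, "host": host or "(none)",
            "first_seen": f"{date} {time}", "events": 0})
        rec["events"] += 1
    return unknown


if __name__ == "__main__":
    for mac, rec in find_unknown_leases(SAMPLE_LOG, DOMAIN_COMPUTERS).items():
        print(mac, rec)
```

The host name in a DHCP request is supplied by the client, so this is a visibility check to run alongside switch-level controls such as port security or 802.1X, not a replacement for them.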
 