1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Restricting DHCP

Discussion in 'Windows XP' started by bigsnowy, Dec 12, 2001.

Thread Status:
Not open for further replies.
Advertisement
  1. bigsnowy

    bigsnowy Thread Starter

    Joined:
    Sep 26, 2000
    Messages:
    122
    Howdy Y'all I gotta use your Brain for a sec....

    Is there any way to prevent unauthorized users from plugging in to my network/domain? (ie with laptops) and getting an IP?
    I know that they will be very limited in movement even with them getting an IP but still I want to try and prevent it from happening period.

    This is a large organization so assigning by MAC for each and every PC is not feasable and limiting the DHCP scope to the exact number of clients we currently have is not an option either.

    This is a windows 2000 domain with 90% win2k Pro clients.

    Thanks!
     
  2. Dan O

    Dan O

    Joined:
    Feb 13, 1999
    Messages:
    8,974
    The problem is that a person does not have to logon to the domain to get an IP address and use the network, so even if you could block using Windows 2000 it would not really help. You mention the number one method, using Mac addresses but it does require a lot of work. Another option is you could purchase routers or switches that offered port security. Or Cisco's URT (User Registration Tool), which can be tied to an Windows IDs.
     
  3. Rockn

    Rockn

    Joined:
    Jul 29, 2001
    Messages:
    21,334
    How are they logging in as unauthorized users in the first place? Don't you use some kind of authentication for users to access your network? What's wrong with a username and password. Windows and DHCP will not normally give an IP addres unless they are authenticated by a login session.
     
  4. bigsnowy

    bigsnowy Thread Starter

    Joined:
    Sep 26, 2000
    Messages:
    122
    I am actually looking into the URT recommendation right now.

    They are not loggin in as unauth. users right now, I was just trying to my unauthorized Computer/Laptops from plugging into the network and getting an IP from the DHCP.

    They can't login but they are able to see the number scheme 192.168.x.x etc

    All computers get an IP at boot up on a DHCP w/ automatic DHCP clients, not when they login.
     
  5. Dan O

    Dan O

    Joined:
    Feb 13, 1999
    Messages:
    8,974
    The URT uses layer 2 and 3 switching. What you do with the URT is setup your local LAN with no default routed connections. A user is prompted for a ID and password and it's validated. If authorized the user is the switched to a group they belong too. i.e. Accounting or Sales. The URT is pretty cool.
     
  6. p5mmx10g

    p5mmx10g

    Joined:
    Oct 6, 2001
    Messages:
    139
    reconfig the dhcp server
    use static. that will restic any unwanted connection to your network, other wise if a laptop using windows 98 will see your dhcp
     
  7. bigsnowy

    bigsnowy Thread Starter

    Joined:
    Sep 26, 2000
    Messages:
    122
    to much overhead to configure all 500 or so machines to a static ip.
     
  8. p5mmx10g

    p5mmx10g

    Joined:
    Oct 6, 2001
    Messages:
    139
    i don't think there is anyway to stop this.

    the computer can't tell who is authorized and who is not, unless you do something on it.
     
  9. myrddinbach

    myrddinbach

    Joined:
    Apr 25, 2008
    Messages:
    3
    Use IAS authentication. Set your switches for PEAP and use IAS w/ PEAP and certificates. You can set it for computer authentication only - then if you plug in a rogue machine that is not part of a domain it will fail to authorize and you will get an apipa address and no connectivity.
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/61567

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice