Re: DHCP restriction via MAC...

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 05/18/05 

Date: Tue, 17 May 2005 20:57:15 -0500

You could try to create a DHCP scope that has nothing but reservations which
map a mac address to an IP address in the scope. That can be very time
consuming on all but the smallest networks and I have read of users saying
that DHCP still would dish out a reserved IP address to a computer if no
other IP addresses were available and there were reserved IP addresses not
in use.

DHCP reservations can be very useful but they are a poor security safeguard
as a user could simply assign static IP info to his computer that would
allow access and even potentially deny a legitimate computer from receiving
an IP address if the user assigns an IP that is in the DHCP scope already.
Switches that can filter traffic by mac addresses, use 802.1X
authentication, or using ipsec in the domain are other ways to increase
security to prevent access from unauthorized computers. Mac filtering can be
easily spoofed by malicious users, 801.1X takes a lot of planning and
compatible hardware/operating systems, and ipsec can be very effective in a
domain if all the computers are ipsec capable. Ipsec can not however prevent
a computer from using DHCP server since DHCP is broadcast based but it can
prevent a non domain computer from accessing a domain computer with an ipsec
"require" policy with default kerberos computer authentication. --- Steve

"Steven Sinclair" <StevenSinclair@discussions.microsoft.com> wrote in
message news:098C4021-7036-4DBD-8171-8F33AA6ED0B9@microsoft.com...
> Windows 2003 Server Enterprise Edition
> Windows Built-In DHCP Service
>
> Is there any way to restrict whether or not a client on a local LAN
> receives
> a DHCP address from my server based on MAC address?
>
> Let's say I have a visiting vendor. I do not want that notebook computer
> to
> automatically pick up an IP address from my server as soon as he plugs the
> machine into my network. Instead, knowing his MAC address, I'd want the
> server not to assign him one.
>
> Thanx.

Relevant Pages

  • Re: How do I enable dynamic ip address release?
    ... Did you use the wizardfrom SBS to configure the DHCP ... machines use DHCP and no fixed addresses and the server is ... pool and how many reservations do you have? ... anyone plugs into my network they automatically get an IP ...
    (microsoft.public.windows.server.networking)
  • Re: Static IP outside of router DHCP range
    ... This would avoid the need for DHCP entirely, ... server IP statically will at least avoid the problem of the clients ... DHCP from the router, you could turn it off in the router and use static ... So I have no way to either reserve IP addresses based on Mac addresses, ...
    (alt.comp.hardware.pc-homebuilt)
  • RE: DHCP
    ... Asunto: Re: DHCP ... I am looking for a way to block any PC that plugs into my network ... Windows Server 2008 can do this, but I'm not sure about 2003. ... MAC, this server will send IP address and parameters for configure the ...
    (Security-Basics)
  • Re: Cant access secure Web pages
    ... server. ... This is a description of how you may, in the future, configure a DHCP ... network, and which need to be contacted via the Default Gateway. ... with it's hardware Ethernet MAC address in. ...
    (uk.comp.sys.mac)
  • Re: Error DHCP Windows 2008 R2, DHCP client is not a reserved clie
    ... We splitted to scope-range as we have two DHCP servers. ... Reservations are done on both servers. ... So at one DHCP server the Reservations is outside the range but inside the ... So it appears the reservation was outside of the scope, ...
    (microsoft.public.win2000.networking)