Re: DHCP ENCRYPTED TO DOMAIN MEMBERS

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 10/29/04


Date: Thu, 28 Oct 2004 22:36:13 -0700

I think you are trying to head down a fruitless road.
Use of a quarantine vlan is the most direct solution.

(Bootp and its UDP traffic have nothing to do with a
DHCP lease negotiation.)

-- 
Roger Abell
"Oseas Millan" <OseasMillan@discussions.microsoft.com> wrote in message 
news:4F48D9CE-EC5C-465A-BA41-FD3F3FFF278D@microsoft.com...
> Thanks Roger.
> Can I encrypt the acknowledge IP message with IPSec? Or make the UDP
> ports 67 and 68 secure?
>
> Thanks for helping me, have a nice day.
>
>
>
> "Roger Abell" wrote:
>
>> Well, you cannot use IPsec directly as the machines do
>> not yet have a configured IP stack.
>> You may want to look into a quarantine style use of an
>> initial vlan handed out to any machine by dhcp, followed
>> by configuration with an IP validly routable on the corp
>> network after checks.
>> Alternatively, and painfully, you could control this by
>> having all IPs in the DHCP scopes reserved by MAC
>> (Note: this one is fallible/spoofable).
>>
>> -- 
>> Roger Abell
>>
>> "Oseas Millan" <OseasMillan@discussions.microsoft.com> wrote in message
>> news:12D16F10-554D-47E6-AAE4-D841BB7C0AC6@microsoft.com...
>> > Good Day.
>> >
>> > We have a big client, and we need to implement DHCP security. The
>> > security requirement is that only the domain members can have an IP
>> > via DHCP; the visitors' computers cannot obtain an IP via DHCP. I don't
>> > know how to implement this solution. I tried with IPSec without results.
>> >
>> > Thanks for helping me.
>> >
>> >
>>
>>
>>