Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Bocking MAC address in DHCP

Status
Not open for further replies.
wafer157

wafer157

IS-IT--Management
Feb 17, 2005
26
US
Hello,
We have a large network and limited bandwith/network services. We are also a school system. Our problem is the kids are using their iPods, iPhones, cell phones and MP3 players on the computers. As a result it grabs an IP from DHCP, creates other problems and just becomes a headache. Although I do not want to block these services I have to.

How best can we block the MAC address in DHCP? How best can we prevent these devices from plugging into the computer? We are running server 2003 and windows XP.

We can block the MAC address from getting to the internet via our firewall, but want to block those devices from accessing any network services, or plugging them into the network.

I did see thread931-1188077, but did not see enough to help set up the block. I also need a "free" solution because like all school IT departments we have not money, LOL.

Any info or suggestions would be great.....thanks.
 
Sort by date Sort by votes
I mean you can put in reservations for those MAC addresses and give them an invalid IP; but that would be tedious from a management standpoint

________________________________________
Achieving a perception of high intelligence level can only be limited by your manipulation skills of the Google algorithm!
 
Upvote 0 Downvote
Difficult to do it for free. is a doc to read though it is a bit dull.

Stopping DHCP would be a headache. Stopping the devices from connecting to XP is far easier - the guys in the XP forum will be able to help you (in fact if you use search it has been covered several times).
 
Upvote 0 Downvote
There is a KB article on how to set up DHCP to only give out addresses to a known list of MAC addresses.

Otherwise, you're looking at 3rd party solutions like Cisco's NAC.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Upvote 0 Downvote
you can use NAP with DHCP enforcement and make domain membership one of the things you require.

There are some links in this blog


________________________________________
Achieving a perception of high intelligence level can only be limited by your manipulation skills of the Google algorithm!
 
Upvote 0 Downvote
It may be easier to assign reservations to valid systems and limit DHCP scopes.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
 
Upvote 0 Downvote
My learned colleagues have enlightened me on DHCP with limits. Thanks guys.
 
Upvote 0 Downvote
802.1x port based authentication combined with RADIUS is another option. RADIUS is included as an add-on to Windows server and Windows XP and Vista machines' have a 802.1x supplicant built-in. The only variable is what type of switches you have in your environment and whether or not they will support 802.1x. Just a thought...

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Unclerico,
Can you send me a bit more information on the 802.1x/Raduus solution. Is there a KB article or web site that explains this possible solution in more detail.

BTW - we have over 1500 nodes and not enough tech's so DHCP is our only option.

Thanks
 
Upvote 0 Downvote
Wafer,

What kinds of switches are you using?? The type of switch(es) in use will depend on where you go for whitepapers/KB articles

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Was anything installed recently? Also, is this in 2000 or the Citrix?

________________________________________
Achieving a perception of high intelligence level can only be limited by your manipulation skills of the Google algorithm!
 
Upvote 0 Downvote
LOL, ignore previous post...had multiple windows open :)

________________________________________
Achieving a perception of high intelligence level can only be limited by your manipulation skills of the Google algorithm!
 
Upvote 0 Downvote
What are the model numbers??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pomazip
  • Locked
  • Question
Windows Server 2019 mac address issue
Replies
2
Views
601
pomazip
pomazip
ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
885
gbaughma
gbaughma
dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
830
mangentle
mangentle
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
477
Aquiles Vidal
Aquiles Vidal
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
449
mangentle
mangentle

Part and Inventory Search

Sponsor

Back
Top