DHCP leases

DFavel

Technical User
Dec 14, 2003
21
CA
Hello,

Does anyone know if there is a way to not give out a DHCP lease to a guest account when they plug into an internal LAN connection?

Meaning, when a contractor comes to our site and plugs in to our LAN, is there any way to stop them from getting a DHCP lease? Have had problems with contractors infecting the LAN. I have no problem giving them internet access, but don't want them to connect through the main LAN. Any ideas? Has anyone heard of or used HP's Guest LAN product?

Thanks in Advance,

BigDman26
A+, N+, Security+, MCSE+I
 
Perhaps not a solution based on DHCP, but I would set up a separate VLAN on the port they connect to. That way you can handle the traffic just as you like.

/Eyas
 
Thanks Eyas,

I was thinking that route, but want a solution that is based on login authentication rather than setting up a VLAN on a physical drop or port, since everybody who is authorized to the network already has a user account in AD.

I have heard a little about an internal RADIUS server that will bridge authentication databases with Kerberos and drop any non-authenticated users into a Guest VLAN with a specific amount of permissions.

I have heard of HP Guest VLAN doing this, but you must use the HP ProCurve line of switching hardware for the entire internal LAN. I am looking to see if there is a way of doing this with the current mixed environment of HP and Cisco switches.

BigDman26
A+ N+ Security+ MCSE+I
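
The RADIUS-plus-guest-VLAN behaviour described in the post above is what IEEE 802.1X port authentication provides. The following Cisco IOS access-port configuration is an added example, not part of the original thread or any poster's own setup. The RADIUS server address, shared secret, interface name and VLAN numbers (10 for staff, 99 for guests) are assumptions, as is a RADIUS server that checks logins against AD.

```cisco
! Added example: 802.1X on a Cisco IOS access port with a guest VLAN.
! All addresses, names and VLAN IDs below are placeholders.
!
! Use RADIUS for 802.1X authentication and for VLAN authorization.
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
! Placeholder RADIUS server (assumed to validate users against AD).
radius-server host 192.0.2.10 key EXAMPLE-SHARED-SECRET
!
! Enable 802.1X globally on the switch.
dot1x system-auth-control
!
! VLAN 99 is the guest VLAN. It must be routed and filtered upstream
! so that it reaches the Internet only, never the internal LAN.
vlan 99
 name GUEST
!
interface GigabitEthernet0/1
 description Wall drop in a shared area
 switchport mode access
 ! VLAN used once a user authenticates successfully.
 switchport access vlan 10
 ! Port stays unauthorized until the client authenticates.
 authentication port-control auto
 dot1x pae authenticator
 ! Client has no 802.1X supplicant (typical contractor laptop):
 ! place it in the guest VLAN.
 authentication event no-response action authorize vlan 99
 ! Client tried to authenticate and failed: also the guest VLAN.
 authentication event fail action authorize vlan 99
 spanning-tree portfast
```

The guest VLAN needs its own DHCP scope, so an unauthenticated device never receives a lease from the internal range.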
 
How many normal users? Can you set up authentication based on MAC addresses?

Glen A. Johnson
If you're from Northern Illinois/Southern Wisconsin feel free to join the Tek-Tips in Chicago, Illinois Forum.
TTinChicago
Johnson Computers
 
An idea I saw somewhere else:

"Create an address lease that's invalid for your network, & reserve it to the MAC address of the laptop. They'll still get an address leased to them, but not one that will allow them to communicate to the rest of the network (or even out to the internet)."

Of course you would have to get the MAC address in order for this to work, but it sounds like it can be used in a pinch...

 