DHCP Server - Only reservations and no auto IP assignment

Status
Not open for further replies.

bence8810

IS-IT--Management
Jul 20, 2005
241
AE
Hi,

We are trying to eliminate people bringing in their own equipment, and hooking it to our Network, and therefore I would like to change the way DHCP assigns IPs.

We are running it on a Windows 2003 server, and now it assigns IPs automatically from a range.

I know how to make reservations, and I would like it to stop giving out IPs to unknown hosts, and only let devices connect whose MAC address is already rendered to an IP address.

Is this possible with Win2K3 server's DHCP service?

Thanks, any help is appreciated,

Ben
 
Hi

Any help would be appreciated with this. I have all my users on a static mapping now, but still, if I connect a new device without a mapping, it will just get an IP that has not been reserved yet.

Any way to stop this behaviour?

Thanks

Ben
 
Probably easier to implement port security on your switches.

NAC is another option.
 
Hi

I found a solution.

I have to build the DHCP scope, then put the whole range into exclusion. Once they are excluded, the IPs won't be given out unless I map them to a specific MAC address.

The switch thing would be more secure of course, but our switches are not that high tech, they are dumb.

Thanks anyways,

Ben
 
Don't forget that your solution does not stop anyone from configuring a static address on their laptop/desktop within the IP scope you have configured so while you have eliminated one issue you may have created another.

--------------------------------------
"Insert funny comment in here!"
--------------------------------------
 
Hi

I do know that, unfortunately. However, the lack of high-tech equipment only allows us to do this, and mainly what we are trying to eliminate is users hooking up their laptops. They are mostly unaware of network settings, so if it won't work, they will just stop trying.

Thanks a lot,

Ben
 
The way that I originally did this was to set up the firewall to give IPs based on MAC address. Then I started making it manual on all the computers by putting in their own personal IP address. Also, by making my network Active Directory and putting the person's name in the computer name, I was able to eliminate most of my problems.

I can now do a netscan (free apps everywhere) and it shows who all is connected and their names and IPs, so if anything doesn't match my list I can delete.

Also, I have heard there are ways that if someone logs on you can send an mp3 to them warning them that they are being monitored.

You could always set up your computers with manual address 10.222.0.xxx and have your router assign 192.168 etc. and only give internet to the 10.222.0.xxx.

There are plenty of ways to do what you want; it's just whichever fits.

Let me know the specific way... are you limited to just your Server doing this ?

--
-TheCloak

"You Never Know What Hits You, A Gunshot is the Perfect Way" - JFK
 
Hi

I am limited to do this only through my DHCP server, as our Firewalls are VPN'd with other countries and I have no access to it.

Also, we have about 60 PCs in the office and I don't want to change them one by one to static.

What I have done is added all the MAC addresses to my DHCP server, assigned them an IP, and then excluded the whole range from the DHCP server.

I am giving out, let's say,

192.168.0.1-254 and I am excluding 192.168.0.1-254, which results in a Blue exclamation mark beside my DHCP service in the console, but it seems to be working.

I am still in the testing phase however, so I will get back to you with what I find,

Cheers

Ben
 
So you are assigning 192.168.0.1-254 and also excluding the same?

That's interesting. I hope it works for ya, post the results.

--
-TheCloak

"You Never Know What Hits You, A Gunshot is the Perfect Way" - JFK
 
Hi

It does work, I have used it yesterday, although I will need further testing.
The thing that bothers me is the Blue Exclamation point beside my DHCP Scope, indicating the error of no available addresses to give out.

Ben
 
Well, from your explanation it's stating you are assigning a range then also banning that range in the same instance... if that's true then there's your problem.

--
-TheCloak

"You Never Know What Hits You, A Gunshot is the Perfect Way" - JFK
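
Added example, not part of any post in this thread: a reservation-only scope does not stop a host that sets its own static address, so the scan-and-compare check mentioned above can be scripted. This sketch compares `arp -a` style output against the reservation list; the addresses, MACs and function names are constructed for illustration.

```python
import re

# Constructed sample data (not from the thread): reservations as entered on
# the DHCP server, and `arp -a` style output collected on the subnet.
RESERVATIONS = {
    "192.168.0.10": "00-11-22-33-44-55",
    "192.168.0.11": "00-11-22-33-44-66",
}
ARP_OUTPUT = """\
  192.168.0.10          00-11-22-33-44-55     dynamic
  192.168.0.11          00-aa-bb-cc-dd-ee     dynamic
  192.168.0.77          00-de-ad-be-ef-01     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""
ARP_LINE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\s", re.I)

def norm(mac):
    """Lower-case a MAC and drop separators so '-' and ':' forms compare equal."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_arp(text):
    """Return (ip, mac) pairs, skipping headers and the broadcast entry."""
    pairs = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m and norm(m.group(2)) != "f" * 12:
            pairs.append((m.group(1), norm(m.group(2))))
    return pairs

def audit(reservations, arp_text):
    """Flag every observed host whose IP/MAC pair is not an exact reservation."""
    by_ip = {ip: norm(mac) for ip, mac in reservations.items()}
    by_mac = {mac: ip for ip, mac in by_ip.items()}
    findings = []
    for ip, mac in parse_arp(arp_text):
        if by_ip.get(ip) == mac:
            continue  # matches its reservation exactly
        if mac in by_mac:
            reason = "known MAC on wrong IP (reserved %s)" % by_mac[mac]
        elif ip in by_ip:
            reason = "reserved IP held by unknown MAC"
        else:
            reason = "unknown host, no reservation"
        findings.append((ip, mac, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(RESERVATIONS, ARP_OUTPUT):
        print(*finding, sep="  ")
```

A MAC address can be changed by the host, so a clean result only shows that nothing on the wire contradicts the reservation list.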
 