External users

[siki85]

Hi !!

We have a server configured with Active Directory.

Our LAN works with DHCP. I would like to restrict external users (with laptop or PCs) to retrieve IP address from our LAN when they visit our company.

Unfortunately we have no control with this.

Last day, a guest connect his laptop to our LAN...guess what....this machine acquired an IP address and he could see our servers like another internal user.

What policies we can use on Active Directory to block DHCP to external PCs ?

Any advice please...

 

[58sniper]

You can't. DHCP happens too early in the process.

Turn off all unused jacks, for one.


Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[siki85]

What about MacFilterCallout.dll ??

This will work ??

 

[58sniper]

If you've got more than a couple dozen machines, though, that method becomes troublesome to administer. Cutting off unused LAN ports, especially those in public access areas, makes good security sense.

Something like Cisco's NAC would work really well.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[dberg35]

The other options are set all your pc's with a static ip, config RRAS or put your guest internet services on a VLAN.

 

[itsp1965]

Have you considered setting up VLAN on your switch that will segregate these guest users.

 

[Lemon13]

siki85

What about MacFilterCallout.dll ??

general yes, depending on the size of your network it can be a hassle

M. Knorr

MCSE, MCTS, MCSA, CCNA