
Prevent DHCP Lease unless Authenticated

Status
Not open for further replies.

Nes007

Technical User
Feb 10, 2005
4
US
I would like to know if there is a way to prevent folks from getting a DHCP released IP. If someone were to connect a PC to the domain they would get an IP, but would not be able to be on the domain unless it was added to Active Directory. I want to take it a step further and prevent folks from obtaining an IP unless it is in AD.
Even though they have an IP and can't enjoy the domain resources they are still able to surf. I want to prevent that from happening.

 
How would the AD know if the PC is "good" or "bad" without an IP assigned?

The AD uses IP to communicate, and it's required for AD to run.

You probably should be able to play with reservations and MAC filters, but I think it's a road to a management nightmare.
 
Unless you have a lot of nodes, maybe turn off DHCP and use static addressing.

Jomama
 
avilov - What you say is true, but there is a way: by adding the computer name to AD. You would need the necessary rights to be able to add a machine to your network. Then you would have DHCP verify that the name is there, and then you get an IP. That would be the goal. MAC filtering is great, but when you are dealing with over 10K systems across the country it would be a nightmare, especially in the beginning.

Jomama46 - Static addressing would be crazy in this case. As I told avilov, there are over 10K systems that would need static addresses and a managing system to be able to implement this. Too much potential to create another nightmare.

I found this out. has the technology for this issue called SAFE DHCP. It seems to have a good reputable partner list that implement this.

I am still doing research on this, but it has potential.
 
Another option may be to look at implementing 802.1x; this prevents a port from becoming active unless the device is authenticated.
 
TripleT - Can you elaborate a little on how to implement 802.1x? Do you mean having to implement wireless or wireless security technology on ethernet?
 
Basically, although 802.1x originated from wireless, it can be used on Ethernet.

I believe, but stand to be corrected, that in order to get it to work on Cisco, you have to have Wireless support but do not need to use Wireless Access Points.
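
A sketch of 802.1X on a wired access port of a Cisco IOS switch, added here as an example and not posted by anyone in the thread. The RADIUS server name and address, the shared secret and the interface are placeholders, and a RADIUS server that checks credentials against Active Directory is assumed.

```cisco
! Added example: wired 802.1X port authentication on a Cisco IOS switch.
! All names, addresses and secrets below are placeholders.
!
! Enable AAA and send 802.1X authentication to the RADIUS server group.
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
! Turn on 802.1X globally.
dot1x system-auth-control
!
! RADIUS server that validates machine or user credentials
! (assumed to be backed by Active Directory).
radius server RADIUS-EXAMPLE
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <SHARED-SECRET-PLACEHOLDER>
!
! Access port facing an end-user PC.
interface GigabitEthernet0/1
 switchport mode access
 ! The port stays unauthorized until the attached device authenticates.
 authentication port-control auto
 ! The switch acts as the 802.1X authenticator on this port.
 dot1x pae authenticator
 spanning-tree portfast
```

While a port is in the unauthorized state the switch does not forward the client's ordinary traffic, so its DHCP requests do not reach the DHCP server until authentication succeeds.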
 