Windows 2003 DHCP

[bustamove]

Is there a way to limit unauthorized hosts connecting to Windows 2003 DHCP environment? We have 30% pre-win2k, linux, mac and others, so windows-only (domain-only)solution may not work...we have Cisco ACS, does it help in any way? thanks so much

 

[WhoKilledKenny]

The issue is that a client needs to get an IP Address first before it can communicate with a Domain Controller to get "Authorized."
We rely on our Networking team to use MAC-to-Port locking so that only authorized PC's can actually use active network drops. If someone comes in with a laptop and connects to an active port, they would not be able to get on the network since their MAC address is unknown. So, no talkie on the Network = no talkie to DHCP.

Jesse Hamrick

http://www.powershellpro.com

 

[itsp1965]

A lot of folks tend to use guest VLANs in their enviornments which isolates visiting users from connecting to the main network, but allows them access to the internet for instance.
You mentioned Cisco ACS. I am not familiar with the product but doesn't work like a Radius server? You can use ACS as a "buffer" between your network and these guests.
Hope this helps.

 

[WhoKilledKenny]

itsp brings up a good point. We accomplish this via wireless access point. Visitors connect to the wireless network which is outside of our LAN and used to access the Internet only. For those visitors that require access to resources within our network either use a VPN client or Citrix Remote Access.

Jesse Hamrick

http://www.powershellpro.com