Block iphone / devices from getting IP add from DHCP

[jesperloh]

Hi guys, I've came across IP address that aren't enough for some users in the company. The IP addresses are more than enough to cater to the user's notebook or PC. However, some users does not know that there are actually limits to the IP we have, so quite a number of them actually uses their mobile / pads to tap the company's wireless.

I was wondering if i could restrict that particular user from tapping onto the network. I know it sounds a bit impossible because DHCP doesnt have that smart function to block whoever we sees deemed as a "nuisance". Ideas will be appreciated!

 

[MikeKF]

Bandwidth can be affected by extending the range of private IP addresses, and to differing degrees depending on the rest of the network configuration.

DHCP can be set to provide illegal public addresses. It shouldn't.

"Private intranets that have no intent on connecting to the Internet can choose any addresses they want, even public addresses that have been assigned by the InterNIC. If an organization later decides to connect to the Internet, its current address scheme might include addresses already assigned by the InterNIC to other organizations. These addresses would be duplicate or conflicting addresses and are known as illegal addresses . Connectivity from illegal addresses to Internet locations is not possible."

"For the hosts within the organization that do not require direct access to the Internet, IP addresses that do not duplicate already-assigned public addresses are required."

http://technet.microsoft.com/en-us/library/cc958825.aspx

 

[jesperloh]

Hmm, i am already under a domain, users under the domain is with the ip of 192.1.2.xx and guests that have direct internet conenction will be 192.168.xx.xx. The thing is even if they are not in the domain, but they were to connect to our ethernet cables, it will still relay them to our network, and security can be compromise. Therefore we only allow them to connect through wifi to 192.168 private address. Yeap, there are roughly 140 operating PCs in the company.

The bandwidth shouldnt be a concern right now as it's quite stable so far. The only thing that im concern is the changing of the private add, and to set up the subnet and mask and everything. Files are shared everywhere through the server, everything pertaining to the current private add will need to be changed also.. This is really going to be tough.. Real tough.. =(

 

[MikeKF]

I agree that it is highly unlikely bandwidth will be an issue. Even though the IP address pool becomes bigger doesn't mean that all the available addresses will get used. Something still doesn't sound right about the IP addresses and the way your network is set up, so please don't rely on anything I said. I feel I am not qualified enough to give advice for you to rely on and this is a quest for knowledge on my part too. I would appreciate it if you post whatever solution you use to your problem.

I would also look at this as both a knowledge building exercise and the reason you are getting paid. Without these challenges, there would be no need for your job, so be thankful for them.

 

[jesperloh]

Well, i think this has been an issue for quite awhile, even before i entered the company @.@ I will figure out the solutions soon. On the other hand, no one of superior positions than me want to take up this s**t, and im paid nuts, so, i will decide whether to carry on with it even if i found solutions pertaining to this. In the future if i'd set it up, i will post an update on this issue! =D

 

[wparrish]

I came up with a simple solution at my company for this same issue. I attached my 5 wireless routers WAN ports to my internal LAN and gave each of them different private LAN subnets and each provide their own DHCP, therefore Ll wireless clients communicate directly with Internet and not on my LAN.

Example:
My LAN: 10.1.10.1
Wifi 1: 192.168.2.0 DHCP 192.168.2.100-250
Wifi 2: 192.168.3.0 DHCP 192.168.3.100-250
Both Wifi 1&2 have DHCP WAN addresses from my LAN
(10.1.10.100 & 10.1.10.101)
No traffic passes between any of these routes.
Hope this helps!