DHCP

rod

Distinguished
Apr 3, 2004
180
0
18,680
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Hello,

I work in a network in which DHCP is working correcting. My problem is keeping rogue users from accessing our Internet gateway. In this college campus setting, I have no way to keep anyone from plugging into the network and using the Internet throughout two departments. The DHCP server, obviously, will issue an IP address if one is available. The rogue users cannot enter our Active Directory domain. I could issue static addresses mapped to MAC addresses, but that defeats the purpose of DHCP. I have no idea how to keep the gateway from from being used by rogue users. Thanks for any help!
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Rod,

If rogue users can't get at your internal network and all
you need to protect is your Internet gateway, I'd suggest
solving the problem on the gateway. If you run some sort
of proxy server software, it may be able to use the
Windows networking credentials of the logged-in user to
allow or deny Internet access.

Steve

>-----Original Message-----
>Hello,
>
>I work in a network in which DHCP is working correcting.
My problem is keeping rogue users from accessing our
Internet gateway. In this college campus setting, I have
no way to keep anyone from plugging into the network and
using the Internet throughout two departments. The DHCP
server, obviously, will issue an IP address if one is
available. The rogue users cannot enter our Active
Directory domain. I could issue static addresses mapped
to MAC addresses, but that defeats the purpose of DHCP. I
have no idea how to keep the gateway from from being used
by rogue users. Thanks for any help!
>.
>
 

Tellme

Distinguished
Oct 14, 2003
64
0
18,630
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Rod,
Sorry but ur question needs more clarity.Anyhow as icould understand is u want to prevent rouge users from acessing ur network with using DHCP also.If this is right then i would say to get the list of all mac address and put inthe dhcp scope of not allowing or assigning ip address to it by dhcp server or u need a firwall may be proxy to prevent.
 

Jim

Distinguished
Mar 31, 2004
2,444
0
19,780
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Rod,

You are wanting the same as I if understand correctly. I do not want ANY computer to touch the backbone (No IP assigned period). The only way I know how to do this is to use the core switch for filtering the list of MAC's with authorization. I could care less whether or not the get on the web. I don't want them to be able to connect "at all" for security and virus reasons. If anyone knows what they are talking about with DHCP the should know the address is Dynamic and the reservation function WILL NOT WORK except for Static IP's.