+ Post New Thread
Results 1 to 12 of 12
Network and Classroom Management Thread, Limiting DHCP Access in Technical; Hi all Quick question - i know its possible to do this but need to work out how exactly to ...
  1. #1

    Join Date
    Jul 2010
    Posts
    124
    Thank Post
    61
    Thanked 2 Times in 2 Posts
    Rep Power
    9

    Limiting DHCP Access

    Hi all

    Quick question - i know its possible to do this but need to work out how exactly to do it!

    We currently have our DHCP server setup to allow access for any device plugged into our network.

    What i want is for devices only with reservations to gain an IP. How do i go about this?

    Thanks

  2. #2

    Theblacksheep's Avatar
    Join Date
    Feb 2008
    Location
    In a house.
    Posts
    1,934
    Thank Post
    138
    Thanked 290 Times in 210 Posts
    Rep Power
    193
    2008r2 dhcp?

  3. Thanks to Theblacksheep from:

    mcnallyfc (18th October 2010)

  4. #3

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,343
    Thank Post
    624
    Thanked 1,584 Times in 1,421 Posts
    Rep Power
    414
    With the mac address callout filter installed on a 2003 DHCP server or with a 2008 R2 DHCP server as that has the callout dll functionality built into it.

    This enable you to either deny dhcp leases based on a devices mac address or to allow on those with a mac address which matches the internal list to obtain a dhcp lease.

    Ben

  5. Thanks to plexer from:

    mcnallyfc (18th October 2010)

  6. #4

    Join Date
    Jul 2010
    Posts
    124
    Thank Post
    61
    Thanked 2 Times in 2 Posts
    Rep Power
    9
    Thanks both but got my answer

    Was Server 2003 SP2, Just need to create new exclusion range for that scope covering all IPs and then only reservations will get IP then

  7. #5


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,630
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223
    .....until they read the mac address label on the underside/back of a random machine, turn said machine off and spoof the mac. It's trivial enough to grab a list of mac addresses off the wire without needing a valid IP.

  8. #6

    Join Date
    Jul 2010
    Posts
    124
    Thank Post
    61
    Thanked 2 Times in 2 Posts
    Rep Power
    9
    Quote Originally Posted by pete View Post
    .....until they read the mac address label on the underside/back of a random machine, turn said machine off and spoof the mac. It's trivial enough to grab a list of mac addresses off the wire without needing a valid IP.
    Yep or they dig a hole in street and tap into the fibre link and get everyones passwords and then logon as admin and ruin the network........


  9. #7

    Join Date
    Sep 2010
    Posts
    548
    Thank Post
    26
    Thanked 62 Times in 58 Posts
    Rep Power
    19
    the mac filter lock out tool for server 2003 works well and is a great thing to have if the school has a large number of pupils with Ipods/Iphones/Ipad's etc

  10. #8

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,343
    Thank Post
    624
    Thanked 1,584 Times in 1,421 Posts
    Rep Power
    414
    Quote Originally Posted by mcnallyfc View Post
    Yep or they dig a hole in street and tap into the fibre link and get everyones passwords and then logon as admin and ruin the network........

    Slightly easier to read the mac address from a printer or other device, why does your fibre run under the road our is in the fabric of the building.

    Ben

  11. #9

    Join Date
    Jul 2010
    Posts
    124
    Thank Post
    61
    Thanked 2 Times in 2 Posts
    Rep Power
    9
    Quote Originally Posted by plexer View Post
    Slightly easier to read the mac address from a printer or other device, why does your fibre run under the road our is in the fabric of the building.

    Ben
    Sorry missed my point there, or did you, i dont know. Who cares - its answered.

    Thanks

  12. #10

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,076
    Thank Post
    853
    Thanked 2,676 Times in 2,270 Posts
    Blog Entries
    9
    Rep Power
    769

    Wink

    Quote Originally Posted by plexer View Post
    our is in the fabric of the building.
    I'd heard that funds to school builds had been cut but I never imagined you'd end up with tents

  13. #11

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,343
    Thank Post
    624
    Thanked 1,584 Times in 1,421 Posts
    Rep Power
    414
    Quote Originally Posted by mcnallyfc View Post
    Sorry missed my point there, or did you, i dont know. Who cares - its answered.

    Thanks
    If all of your pc's use static ip addresses either you don't have very many or you like a lot of extra work?

    I don't really know what your point was because your example of someone digging a hole in the street is a lot more far fetched than someone reading the mac address of an existing device and impersonating it.

    Plus I wouldn't dig up the road anyway I'd find a piece of your fibre with easier access and using a micro bend would tap it that way.

    Ta.

    Ben

  14. #12

    Join Date
    Jul 2010
    Posts
    124
    Thank Post
    61
    Thanked 2 Times in 2 Posts
    Rep Power
    9
    Quote Originally Posted by plexer View Post
    If all of your pc's use static ip addresses either you don't have very many or you like a lot of extra work?

    I don't really know what your point was because your example of someone digging a hole in the street is a lot more far fetched than someone reading the mac address of an existing device and impersonating it.

    Plus I wouldn't dig up the road anyway I'd find a piece of your fibre with easier access and using a micro bend would tap it that way.

    Ta.

    Ben
    It was a joke - i really wish i hadnt bothered now. I'd answered my own query and was simply making a humourous (clearly bombed) point in reply to Pete's post that there is always an element of risk in most of what we do. I wasnt asking for a debate on what im doing just how to do it. That is all.

    You have gone off on a tangent here, i cant tell if your joking about the micro bend or actually being serious so i'll bow out.

SHARE:
+ Post New Thread

Similar Threads

  1. Boot CD for FOG usage without DHCP server access
    By coolgeekone in forum O/S Deployment
    Replies: 2
    Last Post: 3rd September 2009, 11:53 AM
  2. Stopping clients access dhcp when connected via wireless.
    By russdev in forum Wireless Networks
    Replies: 2
    Last Post: 20th November 2008, 12:08 PM
  3. Limiting internet bandwidth?
    By maniac in forum General Chat
    Replies: 15
    Last Post: 2nd May 2008, 12:19 PM
  4. Access points not picking up DHCP reservations?
    By Halfmad in forum Wireless Networks
    Replies: 2
    Last Post: 26th April 2007, 02:11 PM
  5. Limiting printing.
    By Chrispy in forum How do you do....it?
    Replies: 21
    Last Post: 9th June 2006, 10:21 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •