Limiting DHCP Access

[mcnallyfc]

Hi all

Quick question - i know its possible to do this but need to work out how exactly to do it!

We currently have our DHCP server setup to allow access for any device plugged into our network.

What i want is for devices only with reservations to gain an IP. How do i go about this?

Thanks

[Theblacksheep]

2008r2 dhcp?

[plexer]

With the mac address callout filter installed on a 2003 DHCP server or with a 2008 R2 DHCP server as that has the callout dll functionality built into it.

This enable you to either deny dhcp leases based on a devices mac address or to allow on those with a mac address which matches the internal list to obtain a dhcp lease.

Ben

[mcnallyfc]

Thanks both but got my answer

Was Server 2003 SP2, Just need to create new exclusion range for that scope covering all IPs and then only reservations will get IP then

[pete]

.....until they read the mac address label on the underside/back of a random machine, turn said machine off and spoof the mac. It's trivial enough to grab a list of mac addresses off the wire without needing a valid IP.

[mcnallyfc]

.....until they read the mac address label on the underside/back of a random machine, turn said machine off and spoof the mac. It's trivial enough to grab a list of mac addresses off the wire without needing a valid IP.

Yep or they dig a hole in street and tap into the fibre link and get everyones passwords and then logon as admin and ruin the network........

[SHimmer45]

the mac filter lock out tool for server 2003 works well and is a great thing to have if the school has a large number of pupils with Ipods/Iphones/Ipad's etc

[plexer]

Yep or they dig a hole in street and tap into the fibre link and get everyones passwords and then logon as admin and ruin the network........

Slightly easier to read the mac address from a printer or other device, why does your fibre run under the road our is in the fabric of the building.

Ben

[mcnallyfc]

Slightly easier to read the mac address from a printer or other device, why does your fibre run under the road our is in the fabric of the building.

Ben

Sorry missed my point there, or did you, i dont know. Who cares - its answered.

Thanks

[SYNACK]

our is in the fabric of the building.

I'd heard that funds to school builds had been cut but I never imagined you'd end up with tents

[plexer]

Sorry missed my point there, or did you, i dont know. Who cares - its answered.

Thanks

If all of your pc's use static ip addresses either you don't have very many or you like a lot of extra work?

I don't really know what your point was because your example of someone digging a hole in the street is a lot more far fetched than someone reading the mac address of an existing device and impersonating it.

Plus I wouldn't dig up the road anyway I'd find a piece of your fibre with easier access and using a micro bend would tap it that way.

Ta.

Ben

[mcnallyfc]

If all of your pc's use static ip addresses either you don't have very many or you like a lot of extra work?

I don't really know what your point was because your example of someone digging a hole in the street is a lot more far fetched than someone reading the mac address of an existing device and impersonating it.

Plus I wouldn't dig up the road anyway I'd find a piece of your fibre with easier access and using a micro bend would tap it that way.

Ta.

Ben

It was a joke - i really wish i hadnt bothered now. I'd answered my own query and was simply making a humourous (clearly bombed) point in reply to Pete's post that there is always an element of risk in most of what we do. I wasnt asking for a debate on what im doing just how to do it. That is all.

You have gone off on a tangent here, i cant tell if your joking about the micro bend or actually being serious so i'll bow out.