Questions

Answer for:

HOW TO PROVIDE INTERNET ONLY FOR DHCP USERS?

Message 3 of 6

View entire thread
+
0 Votes
JPElectron

I'm guessing you're using MAC binding to only allow certain devices (to which you know the MAC) to get a DHCP address, and if it's not a "known device" it gets no IP? ...but you have users that are putting a static IP in and still getting internet?

In your firewall, Deny UDP port 53 outbound, from any IP, except your internal server(s)
On the internal DNS server, add firewall rules such that only the DHCP IP's can use DNS

Also, create an ACL in your firewall/router to the internet...
Allow [IPs that are part of the DHCP pool]
Deny [all other IPs]