General discussion

Locked

DHCP Server Configuration

By joshhansen ·
On windows server 2003 running DHCP server services, I would like to create a scope with 20 assignable ip addresses but only give these address to a list of approved MAC addresses. We don't care what address is given, just that it is give to an approved MAC address. I don't want to assign a specific address to a specif MAC. Here is why... We use DHCP for laptop computers only. There are about 50 laptop users but we would never have all 50 at the same location at the same time. If our scope is set to a pool of 20 addresses or less, that would be preferred. How can this be done? Thanks

This conversation is currently closed to new comments.

15 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by BFilmFan In reply to DHCP Server Configuration

This is a tough one, but it is possible.

You can either set an ACL to filter MAC addresses on the switch, which would be easiest, but probably not the solution you are seeking.

Or you can set IPSEC on the DHCP servers and clients to only allow traffic from those client systems to the DHCP server.

You will find this article of interest:

http://www.enterprisenetworkingplanet.com/netsecur/article.php/3489911

Collapse -

by joshhansen In reply to

thanks for the suggestions. i do believe Microsoft DHCP cannot do what i'm looking to do.

Collapse -

by CG IT In reply to DHCP Server Configuration

create reservations for IP addresses in the scope to specific MAC addresses. Create reservations for each MAC address. Non-leased IPs in the pool must be reserved to non-existant MAC addresses.

Text book answer.

Collapse -

by CG IT In reply to

note: it's a pain in the butt to manage [real pain]. better to just use static IP's

Collapse -

by joshhansen In reply to

I don't want to assign a specific mac addresses to a specific ip address (that is how we do it now for our roaming laptop users ). I just want a small pool of ip addresseses to be assigned only to approved mac addresseses - that way no can just plug in and get an address without prior approval.

Collapse -

by CG IT In reply to DHCP Server Configuration

This is the only way to do it via DHCP using a Pool of addresses and MAC addresses. If you know of another way please let us know.

But to have a scope with a set # of IP addresses and only particular MAC addresses can be assigned addresses from that pool, you have to create a reservation for both IP and MAC in the scope.

Collapse -

by CG IT In reply to

this is text book stuff for designing security for DHCP in a Windows 2000/2003 Active Directory environment. see "Preventing Unauthorized DHCP clients from Leasing IP Addresses".

Part of the MCSE elective core design requirements. See: Designing Microsoft Windows 2000 Network Security exam 70-220 chapter 9 page 300.
exam 70220

Collapse -

by joshhansen In reply to

That is why I posted this question - to see if I could have a pool of addresses that could be assigned to any requestor but only if their mac address was on the "approved" list without having to specifying what mac address gets what address.

Collapse -

by CG IT In reply to

looked it up :)

Collapse -

by voldar In reply to DHCP Server Configuration

Simple as is - try classifying the scope! Create a scope for a certain user-class!
Not that big deal though!
Best of luck!

http://www.windowsitpro.com/Article/ArticleID/7983/7983.html

Back to Windows Forum
15 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums