  • #2215676

    URGENT requirement!!!!locking the ip address to a particular MAC

    Locked

    by mohdanwarahmed ·

    Hi all….

    Aim: An IP address, let's say 10.0.0.1, when assigned to a particular MAC (let it be a PC), should not be used by any other MAC, even if I switch off the device.

    I tried the DHCP reservation option, which maps the IP address to a MAC address, and it works. But the problem is, when I switch off the PC, this IP address can be used on another machine (PC).

    Is there any such solution in Microsoft DHCP, or else can we do it through the Cisco router? If so, please give me the detailed procedure.

All Answers

    • #2934437

      Clarifications

      by mohdanwarahmed ·

      In reply to URGENT requirement!!!!locking the ip address to a particular MAC

      Clarifications

    • #2934429

      Set the lease…

      by breezer85 ·

      In reply to URGENT requirement!!!!locking the ip address to a particular MAC

      Best thing to do is set the lease to the maximum number of days, or even better, assign the machine this IP address as static!

      • #2953928

        if i set the static ip add

        by mohdanwarahmed ·

        In reply to Set the lease…

        If I set the static IP address, of course when I shut my system down, the other PC can use my IP address, which I don't want.

    • #2934379

      Another option

      by churdoo ·

      In reply to URGENT requirement!!!!locking the ip address to a particular MAC

      In MS DHCP, if your desired IP address is NOT within the address pool it will not get assigned to other clients, yet it CAN be used in a reservation.

      In other words in your example, if your address pool is say 10.0.0.50 – 10.0.0.200, 10.0.0.1 will not be leased to any general clients, however 10.0.0.1 can be used in a reservation and will be assigned to the appropriate client with the matching MAC address.

      • #2953921

        Thanks for posting..

        by mohdanwarahmed ·

        In reply to Another option

        Hi churdoo,

        As you said, if we exclude the IP 10.0.0.1 from the pool and reserve the IP to the MAC address, it would work, but WHEN I SWITCH OFF MY PC, the clients may statically or manually configure the same IP on the PC and can still use it.

        Please explain if I am wrong.
        Also, if there is a solution which can be done from the Cisco router by configuring DHCP, please let me know.

        • #2956431

          There should be

          by tmalo627 ·

          In reply to Thanks for posting..

          Most higher end routers, especially a Cisco, should have a section to reserve IP addresses to a specific MAC. Sometimes it’s referred to as Static DHCP. Simply put in the MAC address and the IP address you want to match up and it should take care of the rest for you.

          Also, to touch on another poster’s idea through MS: if the address is not in the address pool, it won’t get assigned. If you’re saying you have the reservation set and that address is still being given out, there may be another device performing the DHCP service somewhere in your network. A good way to test that is to go to the machine that is picking up the IP address it shouldn’t have and run IPCONFIG /ALL. See what it says for DHCP server. That will tell you the device issuing the address.

          Hope this helps.

    • #2956666

      Just out of curiousity…

      by breezer85 ·

      In reply to URGENT requirement!!!!locking the ip address to a particular MAC

      …Why does this machine have to have this IP address? Surely if you’ve got a DHCP server which assigns an IP you’ll still get connected!

      Also, when you set the lease to 365 days and switch the machine off, that IP WILL stay with that machine and no other. Because all other machines will not query for an IP until after the 365 day lease time expires!

      • #2956644

        Probably because

        by brenton keegan ·

        In reply to Just out of curiousity…

        Probably because he’s doing this on his workstation. It sounds to me like he’s created an ACL that restricts traffic, but he wants his workstation to have a different level of access than the other workstations. So he has to specify a specific IP.

        • #2956638

          Agreed, and not only that; when the cat’s away?

          by churdoo ·

          In reply to Probably because

          I agree it sounds like he’s got an ACL which allows special access for the IP 10.0.0.1 in his example, but the problem isn’t so much “How do you assign this IP addy to this specific workstation?”;
          rather the second part of the problem is, “how does he keep others, once they learn of the special access for IP 10.0.0.1, from assigning themselves this IP statically and giving themselves this access when the cat’s away?”
          I don’t know how to do this in Cisco gear, though I’m no Cisco powerhouse by any stretch of the imagination.

      • #2956547

        hey breezer!!!

        by mohdanwarahmed ·

        In reply to Just out of curiousity…

        Thanks for your postings!!

        It seems your idea of setting the lease would work out, as you said that other PCs cannot access with the IP address when my PC is shut.
        Can you give me the procedure for how to lease an IP address in a DHCP environment… give me the exact steps so that I can do it easily….!!!

        • #2958393

          Lease Time Steps…

          by breezer85 ·

          In reply to hey breezer!!!

          Start – Admin Tools – DHCP – Expand the server tab – Right click ‘Scope…’ – Properties – General Tab – Change the lease time.

          I would much prefer to do it this way than trying to mess about with different solutions! My theory is to keep it short, sweet and simple!

    • #2956643

      Exclusion

      by brenton keegan ·

      In reply to URGENT requirement!!!!locking the ip address to a particular MAC

      You could exclude the IP address from the address pool.

      Under address pool you can specify any exclusions you want. You would of course need to set your IP address statically at this point.

    • #2956593

      Maybe this is an option…

      by brenton keegan ·

      In reply to URGENT requirement!!!!locking the ip address to a particular MAC

      I don’t know a lot about it but check this out:
      http://articles.techrepublic.com.com/5100-10878_11-6123047.html

    • #2956537

      Why is there a problem?

      by neilb@uk ·

      In reply to URGENT requirement!!!!locking the ip address to a particular MAC

      If you assign a DHCP reservation to a particular MAC address then that’s the only system that can pick up that address. That’s why they are called “reservations”.

      The only way that it can be assigned to another system is if you have two DHCP servers covering the same address range and you don’t put the reservation on all of them.

      • #2956489

        It’s not about getting the assignment…

        by brenton keegan ·

        In reply to Why is there a problem?

        It’s not about another workstation getting the assignment, it’s a security issue with a workstation having the reserved IP address assigned statically.

        A reservation is simply for DHCP, but it doesn’t disallow someone setting the reserved IP manually.

        This threat is really an internal threat. If a user wanted to be malicious and knew the magic IP address he/she could set it statically when the admin is away.
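
The gap described in this thread (a DHCP reservation does not stop another host from setting 10.0.0.1 statically) can at least be detected by comparing ARP tables against the intended IP-to-MAC binding. The following is an added example, not part of any post; the MAC addresses, the `BINDINGS` policy and both sample outputs are constructed.

```python
import re

# Intended binding: the reserved IP from the thread mapped to a constructed MAC.
BINDINGS = {"10.0.0.1": "00:1a:2b:3c:4d:5e"}

# Constructed Windows `arp -a` output: 10.0.0.1 is answered by an unexpected MAC.
WINDOWS_ARP = """\
Interface: 10.0.0.60 --- 0x4
  Internet Address      Physical Address      Type
  10.0.0.1              00-50-56-aa-bb-cc     dynamic
  10.0.0.57             00-0c-29-11-22-33     dynamic
"""

# Constructed Cisco IOS `show ip arp` output: 10.0.0.1 has the expected MAC.
CISCO_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.1                5   001a.2b3c.4d5e  ARPA   Vlan10
Internet  10.0.0.57              12   000c.2911.2233  ARPA   Vlan10
"""

IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
MAC_RE = re.compile(
    r"\b(?:[0-9a-f]{2}(?:[-:][0-9a-f]{2}){5}|[0-9a-f]{4}(?:\.[0-9a-f]{4}){2})\b",
    re.IGNORECASE,
)

def normalize_mac(mac):
    """Convert aa-bb-.., aa:bb:.. or aabb.ccdd.eeff to lowercase aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_arp(text):
    """Return (ip, mac) pairs from lines that carry both an IPv4 address and a MAC."""
    entries = []
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            entries.append((ip.group(0), normalize_mac(mac.group(0))))
    return entries

def find_violations(entries, bindings):
    """Return (ip, seen_mac, expected_mac) for protected IPs seen on another MAC."""
    return [(ip, mac, bindings[ip]) for ip, mac in entries
            if ip in bindings and mac != bindings[ip]]

if __name__ == "__main__":
    for ip, seen, expected in find_violations(parse_arp(WINDOWS_ARP), BINDINGS):
        print(f"ALERT {ip} answered by {seen}, expected {expected}")
```

A matching entry shows only that the expected hardware address is answering for the IP; it is an observation from an ARP table, not proof of which machine is behind it.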

        • #2956480

          Ah, I misunderstood. Thought it was too easy…

          by neilb@uk ·

          In reply to It’s not about getting the assignment…

          If users have access to their NIC properties then the only way round that is not to turn off the system that has to have the IP. Windows should error out with duplicate addresses.

          A GPO to stop users dicking with the NIC settings is the obvious way though. If they are stuck with DHCP then there is nothing they can do.

        • #2956460

          Laptop

          by brenton keegan ·

          In reply to Ah, I misunderstood. Thought it was too easy…

          All the user needs to do then is bring a computer in that’s not on the domain and plug it in. This would get around the domain policy settings.

          I posted a link to info on configuring Sticky MAC. I think this could prevent users from doing this.

        • #2758154

          hi breezer

          by mohdanwarahmed ·

          In reply to Laptop

          Hello!!

          I think sticky port or sticky MAC will not be the solution, for the simple reason that sticky MAC will not lock the IP address; in fact it locks the MAC!!!

          I hope I am correct!!

          Learning a lot here though… anyway, thanks for your postings!!!
