Disallow specific Mac Addresses to get IP Address from DHCP Server

I know that we can specify which MAC addresses get an IP address, but since
we have a huge list of computers that require an IP address I think it would
be easier and a shorter, much shorter list, to specify computers that
shouldn't get an IP address. From a school point of view, we have around 300
computers that talk to the DHCP server running Windows 2000, and every once a
while we have a student or teacher that brings in his/her own computer and
tries to connect to the network. When they do, the DHCP logs this and gives
them an IP address. When I do a regular scan of the IP addresses released, I
will notice computer names that aren't ours, so I would like to write down
the MAC address of that computer and would like to tell the DHCP server to no
longer allow it to give an IP address to that MAC address. Can this be done?
We wold like to prevent the computer that is brought into our school that
doesn't belong here to not get a future IP address as we can't prevent them
until we get the MAC Address and we don't want to have to log all 300
computers that can. Is this possible?

Thank you.

Gary

You could assign a "bogus" IP address to the "bad" MAC address which
would accomplish that effect.

Great idea. Never thought of that.

Thanks.

Gary

Probably not an effective strategy since mac addresses can be spoofed. And
once one student (or teacher) finds out......
Louis

I tried entering in a bogus IP address in the reservations section and it
doesn't allow me to. I have to put an address that matches the scope. If
the scope is for 10.7.16.0 and I try entering anything other than something
that starts with 10.7. then it says The specified DHCP client is not a
reserved client. Any suggestions?

What do you suggest?

As far as I know, DHCP doesn't really provide security. Even if you map all
300 MACs to IP reservations and exclude the rest of the IPs, all anyone has
to do is use a static IP address in your network range. I suppose you could
reserve the rest of the IPs in your scope with bogus MACs but that would
require the other 300 reservations to be assigned and this would certainly
be a maintenance nightmare. Sorry I can't be more help, I was just looking
at the problem from a "How would I get around that?" standpoint. You might
google for "802.1x authentication" for a more robust solution.
Louis

All I find are "scripting" solutions, which would probably not work out
for you either.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode test 33Switch to Hybrid Mode Switch to Threaded Mode

2 31st October 05:32 bob i External User Posts: 1	Disallow specific Mac Addresses to get IP Address from DHCP Server You could assign a "bogus" IP address to the "bad" MAC address which would accomplish that effect.

3 31st October 05:33 gary External User Posts: 1	Disallow specific Mac Addresses to get IP Address from DHCP Se Great idea. Never thought of that. Thanks. Gary

4 9th November 14:52 3c273 External User Posts: 1	Disallow specific Mac Addresses to get IP Address from DHCP Server Probably not an effective strategy since mac addresses can be spoofed. And once one student (or teacher) finds out...... Louis

5 19th November 04:39 gary External User Posts: 1	Disallow specific Mac Addresses to get IP Address from DHCP Se I tried entering in a bogus IP address in the reservations section and it doesn't allow me to. I have to put an address that matches the scope. If the scope is for 10.7.16.0 and I try entering anything other than something that starts with 10.7. then it says The specified DHCP client is not a reserved client. Any suggestions?

6 19th November 04:39 gary External User Posts: 1	Disallow specific Mac Addresses to get IP Address from DHCP Se What do you suggest?

8 19th November 04:40 bob i External User Posts: 1	Disallow specific Mac Addresses to get IP Address from DHCP Se All I find are "scripting" solutions, which would probably not work out for you either.