Re: IAS & DHCP

From: Sam Salhi [MSFT] (samers_at_online.microsoft.com)
Date: 10/12/04

    Date: Tue, 12 Oct 2004 08:56:29 -0700
    
    

    This is not supported by IAS.
    IAS is an authentication piece of the puzzle, not an enforcer.

    With an 802.1x-capable switch you can authenticate users/computers before
    they're allowed access on the network. That's why you see that
    Authentication tab.

    In the future IAS and DHCP will be integrated more closely, and this will
    allow IAS to decide whether a specific user should get a valid IP or not.
    This is part of the NAP (Network Access Protection) services in the future.

    HTH

    Sam Salhi [MSFT]

    -- 
          =============================================
      This posting is provided "AS IS" with no warranties, and confers no 
    rights.
          =============================================
    "Jeff Durham" <jdurham.nospam@cinci.rr.com> wrote in message 
    news:e1wEmrclEHA.952@TK2MSFTNGP14.phx.gbl...
    >I was thinking about this more.  Because you have to enter a list of 
    >authorized MAC addresses in the first place, there may be a way to 
    >accomplish what you need with DHCP.  Depending upon the size of your list, 
    >you could create a reservation for each MAC address thereby utilizing all 
    >of the addresses in your pool.  This essentially is a static address and 
    >one might say why use a DHCP server to do this.  With this, you can still 
    >configure scope options where your clients get assigned all of the other 
    >attributes from DHCP (DNS, gateway, domain name, etc.).
    >
    > Jeff
    >
    >
    > "Jeff Durham" <jdurham.nospam@cinci.rr.com> wrote in message 
    > news:urEJTkclEHA.2224@tk2msftngp13.phx.gbl...
    >>I too was wondering about that.  When you view the properties for a wired 
    >>connection under Windows, there is an authentication tab where IEEE 802.1x 
    >>is checked.  That would seem to imply that there is a way to do this.
    >>
    >> If you find out, please post your results and I will do the same.
    >>
    >> Jeff
    >>
    >>
    >> "Sean" <anonymous@discussions.microsoft.com> wrote in message 
    >> news:521801c480ac$285a8e10$a501280a@phx.gbl...
    >>> Hello all,
    >>> I have a question regarding IAS & DHCP. Is it possible to
    >>> configure things in such a way that any unauthorized MAC
    >>> addresses on the network will not get an address through
    >>> DHCP? We are not using wireless, this applies to our LAN
    >>> only. Most of the articles I have read about this are
    >>> geared towards remote or wireless users and authenticating
    >>> on the network. I would like to set it up in such a way
    >>> that any system hooked to the network whose MAC address is
    >>> not in some kind of "approved" database can't get an
    >>> address through DHCP. I know there are dedicated DHCP
    >>> appliances that can do this but I am looking for a low cost
    >>> (as in free) solution using what we already have if
    >>> possible. If anyone can help I would appreciate it. Thank
    >>> you.
    >>
    >>
    >
    > 
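
This added example (not part of the original thread, and not Microsoft's code) turns an approved-MAC list into `netsh dhcp server` commands for the reservation-per-MAC approach described in the quoted reply. It goes one step further by excluding any addresses left over in the range, so nothing remains for unlisted clients. The scope, address range, host names and MACs are constructed sample values.

```python
import ipaddress
import re


def normalize_mac(raw):
    """Return 12 lowercase hex digits, or raise ValueError for a malformed MAC."""
    digits = re.sub(r"[-:.]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"malformed MAC address: {raw!r}")
    return digits


def plan_scope(scope_id, first_ip, last_ip, allowlist):
    """Build netsh commands: one reservation per approved MAC, then an
    exclusion covering whatever is left of the range."""
    first = ipaddress.IPv4Address(first_ip)
    last = ipaddress.IPv4Address(last_ip)
    pool_size = int(last) - int(first) + 1
    prefix = f"netsh dhcp server scope {scope_id}"
    seen, commands = {}, []
    for name, raw_mac in allowlist:
        mac = normalize_mac(raw_mac)
        if mac in seen:
            raise ValueError(f"{name} duplicates the MAC of {seen[mac]}")
        if len(seen) >= pool_size:
            raise ValueError("more approved MACs than addresses in the range")
        ip = first + len(seen)  # next unused address in the range
        seen[mac] = name
        commands.append(f"{prefix} add reservedip {ip} {mac} {name}")
    next_free = first + len(seen)
    if next_free <= last:
        # Leftover addresses would be leased to any client; exclude them.
        commands.append(f"{prefix} add excluderange {next_free} {last}")
    return commands


# Constructed sample data: host names and MACs are made up for illustration.
APPROVED = [
    ("pc-01", "00-11-22-33-44-55"),
    ("pc-02", "00:11:22:33:44:66"),
    ("printer", "0011.2233.4477"),
]

if __name__ == "__main__":
    # Constructed scope and range; print the commands for review before use.
    for line in plan_scope("192.168.10.0", "192.168.10.10",
                           "192.168.10.20", APPROVED):
        print(line)
```

Reservations only control what the DHCP server hands out; a host configured with a static address never asks it.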
    
