Re: How to block a client from DHCP?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Marc Reynolds [MSFT] (marcrey_at_online.microsoft.com)
Date: 12/10/04 

Date: Fri, 10 Dec 2004 09:58:42 -0600

Also in the DHCP reservation for this client give it a default gateway that
is the same as the IP address you assign it. This way the client will not be
able to go anywhere outside its own subnet unless static routes are added. 

-- 
Thanks,
Marc Reynolds
Microsoft Technical Support
This posting is provided "AS IS" with no warranties, and confers no rights.
"Phillip Windell" <@.> wrote in message
news:uBrQ$RX2EHA.3504@TK2MSFTNGP12.phx.gbl...
>
> "Harvey" <Harvey@discussions.microsoft.com> wrote in message
> news:CCE2A77C-5BA7-4DEC-855F-03BA3B02E52F@microsoft.com...
> > "Phillip Windell" wrote:
> > Actually, they don't want to be in the domain.  They just want to go to
> > Internet for browsing.  Then, they get hacked and spread viruses/worms.
> It
> > seems, as I understand, that I have no controll.
>
> That depends.  Proxys or firewalls that can authenticate via User accounts
> (like ISA Server, MS Proxy Server) will allow or deny based on who the
user
> is and not by what machine they are at or what IP# they get.
>
> In our system all the "human" users are forced to go out via ISA Server
and
> are authenticated based on User accounts.  All Servers and Utility
machines
> go out using a NAT based Firewall which allows only a certain range of IP#
> out to the Net (the lower numbers) and these numbers are assigned
statically
> or by reservations in DHCP.
>
> So,...with all that, there is one possibility. You said you knew the
> machine's MAC address already. So you just setup DHCP with a "reserved" IP
> address for that MAC so that this particular machine will always get the
> same IP#. You then configure your Firewall device to deny that one IP#
> access to the Net.
>
> -- 
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>

Relevant Pages

  • Re: Internet Svc. Providers DHCP Issue with ISA 2006
    ... Use the System Policy Editor inside the ISA 2006 Management Console to enable DHCP from External networks. ... These settings apply to the ISA server as a DHCP client only. ... ISA Server has two network adapters, ...
    (microsoft.public.isa.configuration)
  • Re: dhcp not working
    ... Internal Clients Cannot Obtain a DHCP Address from ISA Server Running DHCP ... The Internal network object does not include the broadcast address ... ran the internet conetion wizzard, however none of the systems pluged into ...
    (microsoft.public.windows.server.sbs)
  • Re: deny a computer from opbtaining IP
    ... Add the reservation to this phony scope. ... Create a Superscope*, and add both the real scope and the ... It allows the DHCP server to understand that the SuperScopeGrouped ...
    (microsoft.public.win2000.active_directory)
  • Re: set exception in dhcp scope
    ... The reservation should work fine, ... A single IP DHCP exclusion range is also possible, just a wee bit more work but not much. ... Les Connor [SBS MVP] wrote: ...
    (microsoft.public.windows.server.sbs)
  • Re: False IP conflict message...?
    ... If your Router can do IP reservation within the DHCP set it so that the Wired and Wireless computers that you have onsite would obtain always the same IP and would benefit from being on a DHCP server. ...
    (microsoft.public.windowsxp.network_web)