Re: Secure your DHCP


I can only think of allocating via dhcp reservation using network card
mac addresses. This just means more work for you.

Create an exclusion of your whole DHCP scope (So no IP's are free to be
allocated ... dependign on lease expiry's this should not cause an issue
with current leases) and then in the reservations section, manually
assign each mac address an Ip address from what was in your pool.

This would be a very painful way to do this but it would be effective.
Personally, I would work out what resources a rouge laptop would get. If
they can't get onto the network servers (as they don't have credentials)
and it is just internet, maybe stop pushing out gateway addresses in
DHCP and manualy assign the gateway at PC's that need to surf the

If they do have credentials and can move about your network on their
personal laptops you can then look at the DHCP reservations.

Then if someone is smart enough, they can always statically assign an IP
and still get access. This is not going to help your cause.

I personally think you are after a different solution.


Holz wrote:

Anyway for me to prevent or limit who can connect and obtain DHCP address?
We have been cleaning this new client's network for the past 3 weeks. about
70 nodes.
He has some employees that will bring their laptop to work, unplug their
station and plug the laptop for personal use!!! Let's not go into the work
environment atmosphere, we have already explained him the risks he is
facing. He claims he will start the firing shortly, however until then I
want prevent them from even obtaining a DHCP address.
I have to have large scope since he has many legitimate guests coming in on
a daily basis, and the need to use the net when they have projects and demo
to go over. I suggested that we create a secured wireless network for the
guests with a MAC address filter, but no luck, since they work weekends and
are not willing to add the MAC themselves. They just want to plug and work.
Is there any 3rd party option to use something like MAC filter in a home
I though that at the age of 50 I have already seen everything....

Michael J. Jenkin MVP - SBS, MCP, Small Business Specialist, Senior
Systems Engineer