OT: DHCP IP address lockdown
Valery Soldatov
vssold at gmail.com
Fri Dec 9 11:01:25 UTC 2011
Hello,
we use Option 82 and a simple script. The script adds address to
Alowed Table in firewall (firewall works on the same server with ISC
DHCPD). Another script (3-4 lines) refreshes this table, or deletes
address from it on timeout-release event. So, static-configured
addresses can not pass through.
Valeriy Sol.
2011/12/8 Paul Reilly <astropaul at gmail.com>:
> Hello,
>
> This is slightly off-topic, but I'm guessing people here will know the
> answer.
>
> We have a large DHCP pool, and 99% of people use the IP we allocate them,
> but some statically assign whatever IP they want to their machines. We
> cannot lock down the client machines as they can be anything (linux, mac,
> windows, mobile etc). We are using 802.1x so users authenticate to access
> the network.I know we can lock our cisco ports down to a single MAC address,
> but this doesn't prevent a person setting their own IP address manually. How
> do others solve this problem? Can it be solved at the network level? I
> want users to only get network access using the IP address we assign them.
>
> Thanks.
> Paul
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
More information about the dhcp-users
mailing list