Unable to Ping / Shared Network

[Simon Hobson]

Barry Stear wrote:

>What I am trying to accomplish is I want to 
>separate unknown clients from known clients and 
>only provide the unknown clients with Internet 
>access but not allow them access to any samba 
>shares on the network. I was thinking denying a 
>subnet would be easier then denying a range of 
>ips. I realize now that I might have made this 
>more difficuly then needed.  I want to be able 
>to VPN into the server as well which I think 
>puts me in the same boat where I need a separate 
>subnet for those clients.

Ahh, no we're getting somewhere !

First thing to understand is that DHCP is NOT a 
security protocol. Any device can be configured 
by other means and that bypasses anything you do 
via DHCP.

I'd be more inclined to just put unknown devices 
in a specific IP range and apply access controls 
(filters) to prevent access to the Samba shares.
Alternatively, as José Queiroz says, put them on 
a physically different network - either a 
separate switch, or VLANs on a managed switch.
A shared network doesn't actually gain you 
anything in this situation other than headaches !

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.