deny machines which have configured static ips or configured ip manually
Simon Hobson
dhcp1 at thehobsons.co.uk
Sun Jun 17 08:47:54 UTC 2012
ARUN CHAKRAPANI RAO wrote:
>Is there any method in dhcp, I can configure which will deny access
>to those machines which have been configured manualy ip instead of
>the ip which is being provided by our dhcp server
None whatsoever.
You would need external tools to track leases offered by your server
and what what's connected to the network. If it finds a rogue device,
it would then need to take actions unrelated to your DHCP server
(such as blocking that MAC at the router or switch).
Randall has mentioned one, I'm sure there are many homegrown
solutions in use around the world.
As an alternative to tracking and blocking rogue devices, you might
want to look at whether it's possible to filter the "good" traffic.
Ie, on each consumer facing port, block all traffic but DHCP
initially. Once a lease if granted, then open up the port to allow
traffic from the IP leased. That would avoid the window where someone
can self assign an IP and cause conflict, and you detecting it and
blocking it.
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
More information about the dhcp-users
mailing list