DHCP - Limiting leases by MAC

[Scott Mobley]

Hi folks,

Is there anything new in the frontier of DHCP that would
allow an admin to enter authorized MAC addresses into a
list of allowed clients requesting an IP? Having to enter
in 50 or more reservations kind of makes using DHCP
useless and might as well assign a direct IP address.

Anyone come up with/have a solution for this apparent
LONG time limitation?

Thanks,

Scott

 

[Marc Reynolds [MSFT]]

No, DHCP does not have any security functionality like you suggest. Even if
you could do this, your network would not be "secure" as it would be quite
simple for someone trying to access your LAN to determine the proper range
of IP addresses and statically configure a "unauthorized" client. If you are
considering physical security for your LAN you probably should investigate
wired 802.1x

--

Thanks,
Marc Reynolds
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Matt Hickman]

No, DHCP does not have any security functionality like you suggest. Even if
you could do this, your network would not be "secure" as it would be quite
simple for someone trying to access your LAN to determine the proper range
of IP addresses and statically configure a "unauthorized" client. If you are
considering physical security for your LAN you probably should investigate
wired 802.1x

He might consider using IPSec with a secure server policy setup. Depends
what he wants to secure, I guess.