DHCP MAC Address Authentication

Guest

Hello,

I want only known clients to be able to access our network!
Other clients should have no chance to access our network! I have
read that I could realise it with DHCP reservation!

Setting up this reservation is no problem, but does it make sense? I think that by entering
the IP address and subnet mask manually, the client also has a way in!
But is it a better security level than no DHCP reservation?

Thanks for your reply in advance!
 
Richard G. Harper

You need something besides DHCP to get the kind of security you want.
Windows 2000 DHCP does not have the ability to deny access, only to grant
it. Check the network devices (routers, switches) on your network to see if
they can be configured to only allow access to known MAC addresses.
 
Vaya

Richard G. Harper said:
You need something besides DHCP to get the kind of security you want.
Windows 2000 DHCP does not have the ability to deny access, only to grant
it. Check the network devices (routers, switches) on your network to see if
they can be configured to only allow access to known MAC addresses.
<SNIP>

And even then you don't have any real security, since it has been possible since
W2K for the end user to overwrite the hardware MAC address with a software
MAC address. So the only thing a would-be hacker would have to do is
intercept any packet sent to or from an authorized user on your network, and
then set up his box with the MAC address found in that packet.

V.
 
Phillip Windell

Your best bet is to never build your security model on what IP# the client
has or does not have unless you run static addresses, but even that isn't a
sure thing. Your security model should be based on user authentication.
 
Steven L Umbach

MAC filtering can be very effective. It is not an end-all but is meant to prevent the
average unauthorized user from accessing the network. MAC addresses can be filtered
to a switch port. 802.1X certificate authentication is much more secure but requires
compatible clients, an IAS server, and a Certificate Authority on the network. The HP
ProCurve 2524 can do both and is readily available on eBay for around $350. I would
not recommend that people not use deadbolt locks on their doors at home because
someone could possibly pick the lock or go in through a window. --- Steve
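
An added example, not part of any post in this thread: a Python audit of a switch MAC address table against a MAC-to-port allowlist, which flags unknown MACs and known MACs that show up on an unexpected or second port (the sign of a copied address discussed above). The table format, the addresses and the names `ALLOWED`, `SAMPLE_TABLE`, `normalize_mac` and `audit` are assumptions constructed for illustration.

```python
import re

# Constructed allowlist: known client MAC -> the switch port it is expected on.
ALLOWED = {
    "00:11:22:33:44:55": "1",
    "00:11:22:33:44:66": "2",
    "00:11:22:33:44:77": "3",
}

# Constructed snapshot of a switch MAC address table, one "<port> <mac>" per line.
SAMPLE_TABLE = """\
1 00-11-22-33-44-55
2 0011.2233.4466
3 00:11:22:33:44:77
7 00:11:22:33:44:55
8 00:AA:BB:CC:DD:EE
"""

def normalize_mac(text):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff, or None if malformed."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)) if len(digits) == 12 else None

def audit(table_text, allowed):
    """Return sorted (port, mac, finding) tuples for entries that need review."""
    seen = {}      # normalized MAC -> set of ports it was learned on
    findings = []
    for line in table_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        port, mac = parts[0], normalize_mac(parts[1])
        if mac is None:
            findings.append((port, parts[1], "malformed"))
            continue
        seen.setdefault(mac, set()).add(port)
    for mac, ports in seen.items():
        for port in ports:
            if mac not in allowed:
                findings.append((port, mac, "unknown-mac"))
            elif port != allowed[mac]:
                findings.append((port, mac, "wrong-port"))       # known MAC, unexpected port
            elif len(ports) > 1:
                findings.append((port, mac, "duplicate-elsewhere"))  # same MAC also seen on another port
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_TABLE, ALLOWED):
        print(finding)
```

A copied MAC only shows up here while both machines are connected or when the copy is plugged into a different port, so this complements per-port filtering and 802.1X rather than replacing them.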
 
