Prevent DHCP giving IP to RAS client

[Guest]

Is there a way to set DHCP to give IP only to LAN users connected directly to
net and restrict users that are connected with DialUp through RAS from geting
address?

Ivan Cholakov

 

[Doug Sherman [MVP]]

You can configure RRAS to assign IP addresses from a static address pool.
This does not have to be the same subnet as your internal LAN. See:

http://support.microsoft.com/kb/300434/EN-US/

http://support.microsoft.com/default.aspx?scid=kb;en-us;317025

Also, you can force a specific remote access IP on a per user basis through
AD Users and Computers - User account properties Dial-in tab.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

 

[Guest]

Sory, I supouse that the information that I gave was not all. I manage part
of big enterprise network. In my segment I have a DHCP server. Everything was
fine until we upgrade our connection to the HQ. We have a router managed by
the HQ and when it's on-line it take IPs' from DHCP scope as RAS client. The
HQ administrator says that he configured router correct, but when it's
on-line my scope of IP in DHCP is filled from RAS clients. So I want to block
RAS clients of taking IP from DHCP, becouse my scope of addresses is fully
taken and my regular network users couldn't take an IP address. The HQ
administrator claims that the problem is in my network, and it's realy is
)). But I think that it's due incorect router settings.

 

[Doug Sherman [MVP]]

I agree that this is caused by the router or the Remote Access server - this
may or may not be the same computer/device. In NT4.0 and (I think pre SP2)
Win2k, if you configured a Sever as a remote access server using DHCP, it
would immediately grab the number of leases necessary to service its
available PPTP/L2TP ports. The default was 128, and it made no difference
whether there were any active VPN connections. The default behavior now is
for RRAS to grab 10 leases at a time on an as-needed basis - See:

http://support.microsoft.com/kb/216805/EN-US/

You didn't tell us anything about the router/RRAS server, so I don't know
whether this is Windows or third party behavior.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP

 

[Guest]

Hi Doug

I think I find something for my problem. By default in WinXP there is
installed "incomming connection" and my DHCP interpretes it as Dial-in
connection and gives to every PC that has WinXP in my network 2 or even more
addresses(when it has modem) from it's scope. I want every regular PC in my
network to have only ONE record in DHCP database. How can prevent DHCP giving
IP to fake RAS servers? This is not a problem when PC has Win9x, only WinXP
behave like that.
Help, because my scope of available addresses covers 2/3 of computers and
when there is many WinXPs' on-line the scope is full.
Can I set some kind of policy or something else to prevent it?