DHCP server – No IP for computers out of the domain

Posted on

DHCP server – No IP for computers out of the domain – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.

But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about windows, ip, dhcp, wlan, .

I would like to know if there is a way to deny leasing an IP address through my MS DHCP server to computers which are not registered in my domain.


Solution :

You won’t be able to restrict in on a domain basis as the client would need to be able to connect to your network via IP before it’s credentials are validated via a Domain Controller. Having said that however, there is a DLL available that enables you to prevent unauthorised MAC addresses from getting a DHCP assigned address but this requires the administrator to enable this functionality and to register the MAC addresses of the network cards that you want to allow.

For more information on this option check this link DHCP Server callout DLL for MAC address based filtering

Note: This DLL may no longer be available as the functionality was added with Windows 2008 R2 and I’d last used this with Windows 2003 hosts some time ago.

RFC 3118 allows for authentication in DHCP messages although AFAIK it isn’t implemented in the current DHCP servers.

If you want to secure your network a better approach is IEEE_802.1X where clients must authenticate themselves to the switch port before they can access the network.

That means that even if an unauthenticated system is configured with a static IP-addres and doesn’t use DHCP ; it still can’t use your network.

Leave a Reply

Your email address will not be published.