 85239 |
 35211 |
|
|
||
|
|
|||||||
| Welcome to the Exploding Garrmondo Weiner Interactive Swiss Army Penis. |
|
GFF is a community of gaming and music enthusiasts. We have a team of dedicated moderators, constant member-organized activities, and plenty of custom features, including our unique journal system. If this is your first visit, be sure to check out the FAQ or our GFWiki. You will have to register before you can post. Membership is completely free (and gets rid of the pesky advertisement unit underneath this message).
|
 |
|
|
Thread Tools |
 Member 2001 Level 17.98 Mar 2006 
|
DHCP authentication.
What are some of the ways that you might go about ensuring that a DHCP server only gives an IP to client machines that you wish?
Anyone have some stories about having to do such things? What would you recommend, and why? Any DHCP server that you preffer, and why? Thanks. How ya doing, buddy?
"The avalanche has already started. It is too late for the pebbles to vote."
|
Member 492 Level 15.73 Mar 2006
|
Not sure if this counts, but I've configured an Apple Airport which distributes IP addresses to machines connected to it. I know you can specify a range of addresses, but I don't think you can specifically match an IP to a machine. I suppose if you had something that assigned IP addresses based on each computer's MAC address you could do this, but I'm not sure.
Most amazing jew boots |
Member 1395 Level 11.82 Mar 2006
|
DHCP can be a tricky business, firstly, you may set a static IP address on the computers you want on your network. This means that each computer is manually setup with an IP address you state. Using dynamic IP address allocation means you create an IP address range for computers to connect to directly.
Now, the idea of DHCP is you can connect any computer to a network that is running a DHCP server and it will hand out on IP addresses if the computer hasn't already been set with a static IP address. The problem you have PUG is you want to assign specific IP addresses to computers on a network and as luck would have it, you can do just that. It is done using the MAC address from the computers you have on your network and if your DHCP supports MAC address allocation (most do these days) you can assign an IP address to a MAC address. For an example, if you have 5 computers at home, you would set the DHCP scope to have a range of 5 IP address (this is not taking into account any other devices that may need an IP address). After collecting the MAC address from each computer, you would enter those MAC addresses into the DHCP MAC allocation and it would force the IP addresses you want to those MAC addresses. The only drawback here is if someone comes along with their laptop and manually sets their own static IP address, they can gain access to your network. Good news is if they enter an IP address you have set in the DHCP scope, it won't work since the laptops MAC address won't match. But if an IP address that is not in your scope is entered, then access it possible. Setting aside CISCO DHCP servers, normal DHCP servers would have to be entered with a full range of 'fake' MAC addresses to all possible IP addresses that can be done on your network. Example Network with DHCP: Range: 192.168.1.1 - 192.168.1.254 (subnet mark: 255.255.255.0) In this situation, 254 computers could be connected and for this example, we will have a DHCP scope of 10 computers ranging between192.168.1.1 - 192.168.1.10. You set the DHCP scope with MAC addresses (shown below) and now those IP addresses have been allocated to those MAC addresses. Example MAC Address Table: 1. 00:00:00:00:00:0A - 192.168.1.1 2. 00:00:00:00:00:0B - 192.168.1.2 3. 00:00:00:00:00:0C - 192.168.1.3 4. 00:00:00:00:00:0D - 192.168.1.4 5. 00:00:00:00:00:0E - 192.168.1.5 6. 00:00:00:00:00:1A - 192.168.1.6 7. 00:00:00:00:00:1B - 192.168.1.7 8. 00:00:00:00:00:1C - 192.168.1.8 9. 00:00:00:00:00:1D - 192.168.1.9 10. 00:00:00:00:00:1E - 192.168.1.10 To prevent manually set IP addresses, you would need to fill the other IP addresses with 'fake' MAC addresses so that the DHCP server will only assign those IP addresses with the MAC addresses you have entered. As for recommending a DHCP server, CISCO would be way but they are very expensive and the DHCP servers I have used in the past all have to be configured in the way I have explained above to be totally secure. This thing is sticky, and I don't like it. I don't appreciate it.   |
Member 907 Level 22.05 Mar 2006
|
In a wireless environment, even the cheap home Linksys wireless routers support 802.1X (via RADIUS). This will allow you to restrict access at the data link layer to clients that have a valid username/password combination.
I am a dolphin, do you want me on your body? |
Member 1200 Level 26.94 Mar 2006
|
MAC Address Filters are about the only way to do it, and even then they can be spoofed.
I was speaking idiomatically. |
Member 2001 Level 17.98 Mar 2006
|
Thanks for your points. Unfortunately that's the only solution I'd come up with as well. More or less defeats the purpose of it, so I'll probably just stick with static addressing.
What kind of toxic man-thing is happening now?
"The avalanche has already started. It is too late for the pebbles to vote."
|
Magic 
Yume 
