A more comprehensive way to accomplish the same thing is ethernet MAC
locking your switch. Ciscos, at least, can be told to learn one MAC,
then if anything else is plugged in, it disables the port. You don't
have to configure each MAC. Manually disable any unused port.
This method has the advantage of also guarding against the case of
someone assigning themselves an IP without using DHCP (by just
configuring an IP manually).
The tradeoff is you need an admin to plug in any new equipment.
On Wed, 2005-01-19 at 17:29 -0500, Paul Aviles wrote:
> I have a weird question maybe. Is there a way to prevent our DHCP from
> giving leases to computers not in our domain? I don't want anyone that
> walks in to just connect and have the possibility of a network viruses
> getting loose. Is this possible?
>
> My setup is a typical AD 2K environment, simple domain no empty root.
>
> Thanks
>
> Paul
>
> ------------------------------------------------------------------------
---
> ------------------------------------------------------------------------
---
locking your switch. Ciscos, at least, can be told to learn one MAC,
then if anything else is plugged in, it disables the port. You don't
have to configure each MAC. Manually disable any unused port.
This method has the advantage of also guarding against the case of
someone assigning themselves an IP without using DHCP (by just
configuring an IP manually).
The tradeoff is you need an admin to plug in any new equipment.
On Wed, 2005-01-19 at 17:29 -0500, Paul Aviles wrote:
> I have a weird question maybe. Is there a way to prevent our DHCP from
> giving leases to computers not in our domain? I don't want anyone that
> walks in to just connect and have the possibility of a network viruses
> getting loose. Is this possible?
>
> My setup is a typical AD 2K environment, simple domain no empty root.
>
> Thanks
>
> Paul
>
> ------------------------------------------------------------------------
---
> ------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]