I've got a similar setup and let the firewall do DHCP for the guest network / DMZ. The production LAN has a Windows DHCP server.
On Tue, Feb 21, 2012 at 1:28 PM, Kurt Buff <kurt.b...@gmail.com> wrote: > Yes, and he really should have a separate DHCP server, which is the > point of my post... > > He's implying that he's handing out addresses from his production DHCP > server, in which case he's probably not really got a DMZ. > > Kurt > > On Tue, Feb 21, 2012 at 09:54, Michael B. Smith <mich...@smithcons.com> > wrote: > > Isn’t the DMZ a separate network segment? It should be…. > > > > > > > > From: Evan Brastow [mailto:ebras...@automatedemblem.com] > > Sent: Tuesday, February 21, 2012 12:35 PM > > To: NT System Admin Issues > > Subject: Limiting DHCP > > > > > > > > Hi all, > > > > > > > > I've recently set up a wireless router in the DMZ on our firewall. This > will > > allow consultants, salesmen, etc... to have a connection to the Internet > > when they come in, with no connection to our network. > > > > > > > > Now, however, in order to take the final step in this process and be sure > > someone can't just plug into a network port, it would seem I need to do > one > > of two things: > > > > > > > > 1) Stop our DHCP server and give all network devices (less than 50 or so) > > static IP's. > > > > > > > > or > > > > > > > > 2) Restrict DHCP to only listed MAC addresses. > > > > > > > > So, my questions are - which of these two would be easier (does it really > > make much difference?) or is there a third option I don't see? > > > > > > > > Thanks, as always :) > > > > > > > > Evan > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to listmana...@lyris.sunbeltsoftware.com > > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to listmana...@lyris.sunbeltsoftware.com > > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
