We do this sort of thing but we setup ACLs on the switch level this way the switch recognizes the MAC address configures the port for the proper VLAN and then the DHCP server serves up an IP adress this eliminates the problem that you are trying to avoid.
At 03:41 PM 2/20/2002, Michael Bulebush wrote:
>Hi all,
>
>I'm looking for product suggestions of DHCP servers that require
>authentication from the client before handing out an ip address. It must
>also be able to use MAC address registration, and I would like to see if
>there is a way to only allow clients that have been assigned IPs from the
>DHCP server to be able to leave the local network segment. IE, make it so
>someone plugging a rogue laptop into the network and assigning a static IP
>to their machine, would not have access off the local network segment, or
>out to the internet, even if through network switch configs even....
>
>I am not sure if this is even possible though, because when I utilized a
>Bell-Atlantic DSL a few years back, they required me to install a client
>to be able to get an IP from their DHCP server so I could get to the
>internet (I was unable to circumvent this), but when I switched to a local
>DSL provider, over the same physical DSL connection, the local provider
>assigned to me a local ("NAT'd") static IP, and with that I was able to
>shoot straight to the internet with the proper network settings, thus
>successfully circumventing the previous provider by not needing to log
>into a DHCP server. (Only thing I could guess was perhaps I was using a
>different class B or C network and a different gateway over the same
>network segment?)
>
>So my question is, does anyone have any DHCP server suggestions? Also,
>any network hints to handle the second part?
Thanks,
Raoul
________
Military action is important to the nation -- it is the ground of death and
life, the path of survival and destruction, so it is imperative to examine
it. --- Sun Tzu " The Art of War"
msg04011/pgp00000.pgp
Description: PGP signature
