Your best option would probably be to use a managed switch which allows you to specify the mac address of each machine that is connected to a specific port, and to disallow any other conenction or MAC address. This way, it would not be possible to get an IP address or talk to anything on the network, because no packets would travel if unauthorized.
> -----Original Message----- > From: Michael Bulebush [mailto:[EMAIL PROTECTED]] > Sent: February 20, 2002 15:41 PM > To: [EMAIL PROTECTED] > Subject: DHCP Server solutions > > > Hi all, > > I'm looking for product suggestions of DHCP servers that > require authentication from the client before handing out an > ip address. It must also be able to use MAC address > registration, and I would like to see if there is a way to > only allow clients that have been assigned IPs from the DHCP > server to be able to leave the local network segment. IE, > make it so someone plugging a rogue laptop into the network > and assigning a static IP to their machine, would not have > access off the local network segment, or out to the internet, > even if through network switch configs even.... > > I am not sure if this is even possible though, because when I > utilized a Bell-Atlantic DSL a few years back, they required > me to install a client to be able to get an IP from their > DHCP server so I could get to the internet (I was unable to > circumvent this), but when I switched to a local DSL > provider, over the same physical DSL connection, the local > provider assigned to me a local ("NAT'd") static IP, and with > that I was able to shoot straight to the internet with the > proper network settings, thus successfully circumventing the > previous provider by not needing to log into a DHCP server. > (Only thing I could guess was perhaps I was using a different > class B or C network and a different gateway over the same > network segment?) > > So my question is, does anyone have any DHCP server > suggestions? Also, any network hints to handle the second part? > >
