Re: Deny client from obtaining IP address

["Balaji Prasad" <bpmlist () sonic net>]

Rolando:
  The functionality that you are requesting falls in a new breed of
products that use a concept called Network Admission Control or Unified
Access Control. This forms the layer 2 component of the above, where the
authentication is done using 802.1x protocols, subsequent to which the
host is authorized to access the LAN
It must be noted however that the client will need an IP address to get
authorized, but it wont be able to access the network. The auth can be
hooked up with AD or Radius as you please.
All major players, Symantec Juniper and Cisco have products in the market
or the pipeline.

- Balaji

> Nathan Sportsman#>
> I believe the only way you can configure a DHCP server to ignore
> DHCPDISCOVER broadcasts is to setup restrictions by MAC address (which
> can be spoofed). I do not see how you can restrict IP leasing via
> Active Directory user authentication. You can restrict other network
> resources until authentication has occurred via AD, but the client
> system must already have an IP for this communciation to occur.
> Meaning the DHCP server has already been solicited and assigned an IP.
>
> Thanks
> Nathan
>
> On 7/27/06, rolando_ruiz () jetaviation com <rolando_ruiz () jetaviation com>
> wrote:
> > Hello all,
> >
> > Is there a way that in DHCP or so, one can deny a client computer from
> > obtaining an IP address? We use Microsoft servers ADS environment and
> > I'd like to allow only those we want to obtain
> > an IP address. I don't want to make it too restricted where authorized
> > users are unable to connect. I'm sure there are some 3rd party apps that
> > can handle this and I welcome suggestions on those also. This is a
> > solution for denying connectivity to outsiders.
> >
> > Thank you
> >
> >
> >
> > ---------------------------------------------------------------------------
> > This list is sponsored by: Norwich University
> >
> > EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> > The NSA has designated Norwich University a center of Academic
> > Excellence
> > in Information Security. Our program offers unparalleled Infosec
> > management
> > education and the case study affords you unmatched consulting
> > experience.
> > Using interactive e-Learning technology, you can earn this esteemed
> > degree,
> > without disrupting your career or home life.
> >
> > http://www.msia.norwich.edu/secfocus
> > ---------------------------------------------------------------------------
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence
> in Information Security. Our program offers unparalleled Infosec
> management
> education and the case study affords you unmatched consulting experience.
> Using interactive e-Learning technology, you can earn this esteemed
> degree,
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------