how to prevent static IP ?!
August 8th, 2016
1- i have server 2003 with ISA 2- DHCP is running and these range configured in ISA to have full internet acess 192.168.0.10 – 192.168.0.30 and i have reserved IPs some important people for example for CEO i put 192.168.0.11 there is no limitation for this range.
3- other clients taking the IPs between 192.168.0.31-192.168.0.70 and they have a lot of restriction in accessing the internet
4- some people has personal laptop and i don’t have access to them they knows the IPs from 192.168.0.10 -192.168.0.30 has full access internet all they time they are assigning static IP between these range and its making me crazy how to prevent them or how to configure server that it should not accept static Ip any idea ??? Please do not suggest to change the IP range which is already exposed, i am thinking if next time someone come and take range of ip from another computer and assign an static ip doesn’t matter full access or restricted i don’t want him/her to use static ip and join my network, i should find a way to do not allow static Ips
thanks
You need this:
http://blogs.technet.com/b/teamdhcp/archive/2007/10/03/dhcp-server-callout-dll-for-mac-address-based-filtering.aspx
This DHCP Server Callout DLL helps administrator to filter out DHCP Requests to DHCP Server based on MAC Address. When a device or computer tries to connect to network, it shall first try to obtain ip address from DHCP Server. DHCP Server Callout DLL checks if this device MAC address is present in known list of MAC addresses configured by administrators. If it is present, device shall be allowed to obtain ip address or device requests shall be ignored based on action configured by administrator.
Thanks for your help but it will not prevent static IPs i have read all comments and saw it not able to prevent static Ip
nothing can acutally prevent someone from using a static ip but what this does is mac address filtering. you can set it one of 2 ways. 1 you can put in all the mac addresses of the computers that you want on the network (easier way) and then any computer that doesnt have that mac address will not be allowed.
2. set it up so you have to enter in the ip addressses of everyone that is being blocked from the network.
what i would probably do is setup another range say 192.168.1.0/24 which you can put all your no limitation people on. set up mac address filtering so only they can access that range. then put the restriction on all of 192.168.0.0/24
this way it doesnt really matter if they have a static ip or not they will always have restricted internet access.
hmmm well its also good way thanks
but does anyone have any idea another solution maybe my network structure is not correct i am blocking internet and restricting my users base on IP if i do with with AD users if some guest come how can give him full access without joining him to AD ?? or maybe another way to have full control on users to their access to the internet ! its too important for me i am going to join different network to server if you have any idea let me know please thanks
Found it
everything should be apply on authenticate users both internet and file sharing in ISA server and Windows server 2003 then network is secure even a person change IP