I don't quite follow the link between your DMZ and people being able to "just plug into a network port", but if you use DHCP with MAC reservations you're still not going to prevent someone from plugging something in and assigning it a static IP.
From: Evan Brastow [mailto:[email protected]] Sent: 21 February 2012 17:35 To: NT System Admin Issues Subject: Limiting DHCP Hi all, I've recently set up a wireless router in the DMZ on our firewall. This will allow consultants, salesmen, etc... to have a connection to the Internet when they come in, with no connection to our network. Now, however, in order to take the final step in this process and be sure someone can't just plug into a network port, it would seem I need to do one of two things: 1) Stop our DHCP server and give all network devices (less than 50 or so) static IP's. or 2) Restrict DHCP to only listed MAC addresses. So, my questions are - which of these two would be easier (does it really make much difference?) or is there a third option I don't see? Thanks, as always :) Evan ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England Registered in England and Wales No. 402570 VAT Registration GB 100 1464 84 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
