Yea, don't do static's. It will haunt you sooner or later. DHCP reservations for existing stuff, then an exclude from the scope for all the unused addresses. You can real quick turn off that exclude when you get new devices until they get an address....then you can easily create a reservation for them and redo the exclude.
From: Jonathan Link [mailto:[email protected]] Sent: Tuesday, February 21, 2012 1:01 PM To: NT System Admin Issues Subject: Re: Limiting DHCP Changing to static IPs requires you touch every machine. Yuck. Going with option #2, I'm assuming you mean reservations, is pretty easy to implement, as you have all that information available via the DHCP console. So, it's easy to make the change there, and workstations/users won't be any the wiser. However, as you add new equipment, you'll have to get the MAC address from that equipment and put it into the DHCP snap in,to get an IP address. Also, changes you make the DNS will be easy to implement in the future, as those changes are also made in the DHCP snap-in. On Tue, Feb 21, 2012 at 12:34 PM, Evan Brastow <[email protected]<mailto:[email protected]>> wrote: Hi all, I've recently set up a wireless router in the DMZ on our firewall. This will allow consultants, salesmen, etc... to have a connection to the Internet when they come in, with no connection to our network. Now, however, in order to take the final step in this process and be sure someone can't just plug into a network port, it would seem I need to do one of two things: 1) Stop our DHCP server and give all network devices (less than 50 or so) static IP's. or 2) Restrict DHCP to only listed MAC addresses. So, my questions are - which of these two would be easier (does it really make much difference?) or is there a third option I don't see? Thanks, as always :) Evan ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
