> For authentication, I believe you are really talking 802.1x Doh! Yup, my mistake.
--Matt Ross Ephrata School District ----- Original Message ----- From: Kevin Lundy [mailto:[email protected]] To: NT System Admin Issues [mailto:[email protected]] Sent: Tue, 21 Feb 2012 12:12:44 -0800 Subject: Re: Limiting DHCP > For authentication, I believe you are really talking 802.1x > > We've implemented 802.1x on our wired network over 5 sites and about 2000 > ports. No wireless yet, but when we do, it will also use 802.1x > > On Tue, Feb 21, 2012 at 2:23 PM, Matthew W. Ross > <[email protected]>wrote: > > > 802.11x authentication looks awesome, but all of my (admittingly amateur) > > experiments to try to implement it have failed me. I'd be very interested > > on hearing success stories of this solution. > > > > > > --Matt Ross > > Ephrata School District > > > > > > ----- Original Message ----- > > From: Steve Kradel > > [mailto:[email protected]] > > To: NT System Admin Issues > > [mailto:[email protected]] > > Sent: Tue, 21 Feb 2012 > > 10:34:55 -0800 > > Subject: Re: Limiting DHCP > > > > > > > Look into 802.11x authentication... or at least filter whitelisted > > > MACs at the router. DHCP is not any kind of access control mechanism. > > > > > > --Steve > > > > > > On Tue, Feb 21, 2012 at 1:17 PM, Jonathan Link <[email protected]> > > > wrote: > > > > I think he's wanting to prevent anyone from connecting to his network > > by > > > > just plugging in anywhere, with any device... > > > > > > > > > > > > On Tue, Feb 21, 2012 at 12:54 PM, Michael B. Smith < > > [email protected]> > > > > wrote: > > > >> > > > >> Isn’t the DMZ a separate network segment? It should be…. > > > >> > > > >> > > > >> > > > >> From: Evan Brastow [mailto:[email protected]] > > > >> Sent: Tuesday, February 21, 2012 12:35 PM > > > >> To: NT System Admin Issues > > > >> Subject: Limiting DHCP > > > >> > > > >> > > > >> > > > >> Hi all, > > > >> > > > >> > > > >> > > > >> I've recently set up a wireless router in the DMZ on our firewall. > > This > > > >> will allow consultants, salesmen, etc... to have a connection to the > > > >> Internet when they come in, with no connection to our network. > > > >> > > > >> > > > >> > > > >> Now, however, in order to take the final step in this process and be > > sure > > > >> someone can't just plug into a network port, it would seem I need to > > do > > > one > > > >> of two things: > > > >> > > > >> > > > >> > > > >> 1) Stop our DHCP server and give all network devices (less than 50 or > > so) > > > >> static IP's. > > > >> > > > >> > > > >> > > > >> or > > > >> > > > >> > > > >> > > > >> 2) Restrict DHCP to only listed MAC addresses. > > > >> > > > >> > > > >> > > > >> So, my questions are - which of these two would be easier (does it > > really > > > >> make much difference?) or is there a third option I don't see? > > > >> > > > >> > > > >> > > > >> Thanks, as always :) > > > >> > > > >> > > > >> > > > >> Evan > > > >> > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > --- > > > To manage subscriptions click here: > > > http://lyris.sunbelt-software.com/read/my_forums/ > > > or send an email to [email protected] > > > with the body: unsubscribe ntsysadmin > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to [email protected] > > with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
