DHCP Question

[Kate Townsend]

Our network is running Microsoft Server 2003 R2 Standard Edition SP2. We
have DHCP enabled on our domain controller to hand out IP addresses.

We frequently have outside companies come into our office and they need
Internet connectivity. While we always have a Comcast line availalbe, many
times these external users use our LAN line and get an IP from our DHCP
server, so they have access to our network. Is there someway we can
configure DHCP to only hand out addresses to those computers on our domain
(possibly using our FQDN with a wildcard as the client name --
*.mydomain.com) and prevent outside users from accessing our network?

Thank you in advance for your help,.

 

[AllenM]

I used to have the same issues when vendors and or clients would come into
the office and require internet access. I really did not like having to
change their network settings all the time and then making sure they change
it back. So I hooked up a wirelss outside my network and this resolved
everything. No changes needed to be made to the laptop and network settings.
all they had to do was search for wireless and connect to ours with a
provided WPA key. Works great for me and also allows me to use my own laptop
for wireless external access used for testing remote connectivity issues.


"Kate Townsend" wrote in message
news:eWtSfj4QKHA.4568@TK2MSFTNGP06.phx.gbl...
> Our network is running Microsoft Server 2003 R2 Standard Edition SP2. We
> have DHCP enabled on our domain controller to hand out IP addresses.
>
> We frequently have outside companies come into our office and they need
> Internet connectivity. While we always have a Comcast line availalbe,
> many times these external users use our LAN line and get an IP from our
> DHCP server, so they have access to our network. Is there someway we can
> configure DHCP to only hand out addresses to those computers on our domain
> (possibly using our FQDN with a wildcard as the client name --
> *.mydomain.com) and prevent outside users from accessing our network?
>
> Thank you in advance for your help,.
>

 

[Phillip Windell]

Don't leave unused network jacks "hot".
Unplug them at the PatchPanel or Switch.
Then there is nothing for them to plug into is all the empty network jacks
are dead.


--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


"Kate Townsend" wrote in message
news:eWtSfj4QKHA.4568@TK2MSFTNGP06.phx.gbl...
> Our network is running Microsoft Server 2003 R2 Standard Edition SP2. We
> have DHCP enabled on our domain controller to hand out IP addresses.
>
> We frequently have outside companies come into our office and they need
> Internet connectivity. While we always have a Comcast line availalbe,
> many times these external users use our LAN line and get an IP from our
> DHCP server, so they have access to our network. Is there someway we can
> configure DHCP to only hand out addresses to those computers on our domain
> (possibly using our FQDN with a wildcard as the client name --
> *.mydomain.com) and prevent outside users from accessing our network?
>
> Thank you in advance for your help,.
>

 

[Leythos]

In article , townsend@nccn.org
says...
>
> We frequently have outside companies come into our office and they need
> Internet connectivity. While we always have a Comcast line availalbe, many
> times these external users use our LAN line and get an IP from our DHCP
> server, so they have access to our network. Is there someway we can
> configure DHCP to only hand out addresses to those computers on our domain
> (possibly using our FQDN with a wildcard as the client name --
> *.mydomain.com) and prevent outside users from accessing our network?
>

Guests should be on a different Wireless access device, so they are not
on your network at all. Either put them in a DMZ area, since some
firewalls have more than one DMZ (and I'm not talking about the FAKE DMZ
you find in linksys/home NAT routers), setup rules for HTTP/HTTPS and
DNS, possibly SMTP and FTP and RD, and only give them the key to your
GUEST wireless network.

Never allow an unmanaged decice on your LOCAL network.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

 

[AllenM]

My wireless router is in my DMZ thus keeping outsiders off my internal
network.

"Leythos" wrote in message
news:MPG.25305d4ac6d9e939989f14@us.news.astraweb.com...
> In article , townsend@nccn.org
> says...
>>
>> We frequently have outside companies come into our office and they need
>> Internet connectivity. While we always have a Comcast line availalbe,
>> many
>> times these external users use our LAN line and get an IP from our DHCP
>> server, so they have access to our network. Is there someway we can
>> configure DHCP to only hand out addresses to those computers on our
>> domain
>> (possibly using our FQDN with a wildcard as the client name --
>> *.mydomain.com) and prevent outside users from accessing our network?
>>
>
> Guests should be on a different Wireless access device, so they are not
> on your network at all. Either put them in a DMZ area, since some
> firewalls have more than one DMZ (and I'm not talking about the FAKE DMZ
> you find in linksys/home NAT routers), setup rules for HTTP/HTTPS and
> DNS, possibly SMTP and FTP and RD, and only give them the key to your
> GUEST wireless network.
>
> Never allow an unmanaged decice on your LOCAL network.
>
> --
> You can't trust your best friends, your five senses, only the little
> voice inside you that most civilians don't even hear -- Listen to that.
> Trust yourself.
> spam999free@rrohio.com (remove 999 for proper email address)