moinuddin_sh Posted December 3, 2006 Posted December 3, 2006 How can I restrict computers to logon on my network with only pre-registered mac addresses?Thanks and regards
allen2 Posted December 4, 2006 Posted December 4, 2006 If you manage the DHCP, you simply need to reserve all dhcp addresses to you registered users and for addresses that aren't needed, you simply need to reserve them to 0123456789ab for example (which most probably doesn't exist as a mac address).
moinuddin_sh Posted December 4, 2006 Author Posted December 4, 2006 I do't have DHCP, I am using static IP addresses. My concern is, if a user bring his laptop and change the IP as per his LAN PC and plug it into the network then it could cause problem.
cluberti Posted December 4, 2006 Posted December 4, 2006 Then you're trying to do something that Windows 2003 cannot do natively - however, if you've got network equipment that supports it, setting up 802.1x via IAS (your switches need to support EAPOL and 802.1x for this to work) will keep people who do not have either a smartcard issued by you, or a certificate issued by you, off of your network. 802.1x is enforced at the switch level, and only allows EAPOL packets between the switch and your Server 2003 IAS server - once the smartcard or certificate from the machine is accepted via the Server 2003 IAS server, the switch port becomes active until the set time frame passes (configured by you) or the machine disconnects from the switch port (again, you will configure how a port becomes "active" and also how an active port becomes "inactive").Again, if your switch hardware supports it, this is a relatively easy and quick way to lock down a network the way you are requesting.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now