On Tuesday, 09.08.2005 at 13:07 +0200, bratac@t-onleine.com wrote: > i use dhcp3d to assign specific hosts in my network fixed ip adresses > via MAC. Works fine ... > > But is it possible to "block" an IP if someone tries to manualy set up > an IP Adress on his host ? > > Eg. dhcpd will assign 192.168.1.1 to the mac 00:11:22:33:44:55:66. > > Someone other is trying to set up the ip 192.168.1.1 on his host and > should get the message that the ip is allready in use ... You certainly can't do that by configuring your DHCP server, since obviously it isn't consulted if someone hardcodes their IP. What you might want to look into is: (a) Using MAC addresses rather than IP addresses in your firewall rules to restrict what the manually configured client can do. Unless you only have a handful of clients, this will make your firewall rules very complicated and also probably slow and inefficient; or (b) Work at a lower level, using MAC control management on a managed network switch, for example; or (c) Lock down the clients so that they can't have their IP config changed under normal use. Dave. -- Please don't CC me on list messages! ... Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org All email from me is now digitally signed, key from http://www.sungate.co.uk/ Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
Attachment:
signature.asc
Description: Digital signature