Q

Blocking MAC addresses

I have working NT 4.0 server running DHCP - how I can block a MAC address? We have some users bring in their personal laptop, and they can connect to our network illegally. Can the DHCP lock the MAC by itself?
The bigger issue here is how manageable a solution will you have. In order to block MAC addresses, you must first know all the permissible MAC addresses in the enterprise. Then, if possible in the DHCP implementation, you must disable all other MAC addresses from getting an IP address. This can be a manageable process if there are relatively few systems in the environment. But think of the overhead and process that must be in place to make this continue. Every time a new system is purchased, the DHCP must be changed to allow its MAC address. What about vendors and consultants who may be allowed access while one site? How do you administer these? Do they need a separate subnet, and DHCP range with other restrictions? These are the issues that have to be addressed. Does the solution scale well? Does a different DHCP solution better solve the problem? Also what is the underlying security policy driving the need to block by MAC address? Are employees specifically banned from bringing in personal laptops? If there isn't a clear security policy banning this, your efforts may lack support needed to make blocking happen.
This was first published in September 2003

Dig deeper on IP Networking

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close