Is there any way that I can block MAC addresses using DHCP server or other third part software? I can't do this...
with Cisco devices (switches). We have some college students that need to be blocked and we provide just IP address through our DHCP server. The easiest way I can think is to use DHCP with Static mappings. This can be done by only assigning IP addresses to known MAC addresses and not allowing logins from IP address outside that dhcp pool. This will make it difficult for the average user to logon to your network. You can use any advanced IP Scanner to scan your network and determine the MAC's corresponding to every IP along with other relevant information like: NetBios info, User Id etc. The other option is to lock down switch ports to the known MAC's. Depending on your network device, you may be able to block all unknown MAC addresses from talking to any other systems on your LAN.
You can also use some kind of DHCP client/Host registration process whereby the registered hosts (Known MAC addresses) get the IP addresses just fine while the unregistered clients need to go through a host registration process before getting an IP address from the DHCP server. Here's a link to Cornell's computing site for more information on Registration process. http://www.cit.cornell.edu/computer/support/dhcp/usingdhcp.html
Dig Deeper on Network Security Monitoring and Analysis
Related Q&A from Puneet Mehta
Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ... Continue Reading
Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ... Continue Reading
If you've used MAC address restriction to control your network access on your wireless router, can you extend this to your wired network? Our ... Continue Reading