«

»

Feb 03

DHCP Server 2008 R2

Categories:

Server 2008 R2

by Dave Coleman

  One of the issues we have been seeing in recent times is students and staff bringing into Twynham wireless enabled devices and because we run an open wireless system these devices then receive an IP address from our DHCP servers, I do not even believe that they intend to use the wireless connection this was illustrated to me this week when I managed to catch up with a member of staff who’s IPhone kept on appearing on our DHCP server when I asked if he used the wireless he had no idea what I meant. So I was very pleased to see in Server 2008 R2 the ability to block devices from obtaining an IP lease and it could not be simpler…

All you need to do is right click on the lease then add the device to the deny filter. The filters themselves need to be enabled to use and as I found the hard way if you turn on the allow filter NO device receives an IP address so if you do turn this on please be aware that you will have to allow devices by adding their MAC address to the list which is fine if you run a small network but for us at Twynham with fast approaching 1000 devices this would be a Herculean task. So far as you can see below I have blocked 59 MAC addresses these are mainly IPhones but also a large number of IPod’s and with the price dropping I can only see this becoming a bigger problem on your network as well.

DHCP Server Deny List

Dave

About Dave Coleman

Dave Coleman has written 354 post on this blog.


Technorati Tags: ,

No related posts.

Tags: ,

4 comments

  1. Daniel Dainty

    December 20, 2010 at 1:33 am (UTC 1) Link to this comment

    Yes, and there’s also some (if not all) builds of Android that have a “Attempt to join any open wireless network” tickbox that is fairly easy to lean against, so I can see your problem only get worse left unchecked.

    Why don’t you run a separate VLAN/SSID/DHCP class and let people have ultra-short leases when on the public VLAN?

  2. Dave Coleman

    December 20, 2010 at 6:40 am (UTC 1) Link to this comment

    Hi Daniel

    We will be changing our subnets over summer 2011 and yes this is something we will be doing.

    Dave

  3. Daniel Kidd

    January 13, 2011 at 3:43 pm (UTC 1) Link to this comment

    Is the system incapable of blocking everyone with a certain kind of connection eg. all apples in general?

  4. Dave Coleman

    January 13, 2011 at 5:59 pm (UTC 1) Link to this comment

    Hi Daniel

    Sadly no this is not possible but would make a great feature.

    Dave

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>