Can anyone think of a way of preventing machines without FQDN from getting on the network/obtaining IP address?
This would mean Workgroup or where FQDN doesn't match predefined phrase.
Any ideas?
My Blog => http://adriank.org
Enable certificate-based authentication on your switches with a domain-based cert?
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
What OS is the DHCP server? You could use DHCP reservations (i.e. only those on MAC address list get a 'good' config) but it is a load of admin overhead and not specifically what you're asking for.
Your best bet is to block it at the gateway / firewall. Various routers allow ACLs or similar which resolve client name, i.e. permit outbound from *.allowedout.com. Could be pricey if you go for Cisco, ISA etc., but Linux firewalls might resolve client names too.
Last edited by wasabi; 03-08-2012 at 06:43 PM.
802.1x would be my recommendation but it depends on your client/server architecture
http://en.wikipedia.org/wiki/IEEE_802.1X
We were looking at this at work (we are still on 2003 AD). If your DHCP server is 2003, you can download a dll and block by MAC - Link.
If your DHCP server is 2008 then this feature is native.
The only problem is that we wanted to block certain company standalone machines from connecting to the LAN. I believe in your case you are thinking about preventing "visitors". I can double-check with the networking guy in the office as I believe he was doing something in the switches (Cisco) to block machines.
FQDNs reside (conceptually) above layers 2 (MAC) and 3 (IP). Name mappings are provided by the network, so a host has to be on the network to have an fqdn which is meaningful on that network.
If you can't identify hosts by segment or vlan, you are pretty much left with having to negate the problem, by only allowing systems you can identify (user authentication and/or mac filtering).
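Added example, not written by any poster in this thread: before a lease is issued, the only "FQDN" a DHCP server sees is the name the client itself sends in the Client FQDN option (option 81, RFC 4702). The Python below parses that option from constructed request options and pairs the suffix check with a MAC allowlist, as the last reply suggests; `ALLOWED_SUFFIX`, `ALLOWED_MACS`, the decision labels and the sample bytes are all assumptions.

```python
# Added example; every name and sample value here is constructed.
ALLOWED_SUFFIX = ".corp.example"      # assumption: the "predefined phrase"
ALLOWED_MACS = {"00:11:22:33:44:55"}  # assumption: known company machines

# Constructed option blobs: a domain member sending option 81 (E bit set,
# DNS wire format) and a workgroup machine sending only a host name (option 12).
SAMPLE_DOMAIN_PC = (bytes([53, 1, 1, 81, 22, 0x04, 0, 0])
                    + b"\x04pc01\x04corp\x07example\x00\xff")
SAMPLE_WORKGROUP_PC = bytes([53, 1, 1, 12, 6]) + b"LAPTOP\xff"

def parse_options(blob):
    """Walk DHCP code/length/value options until END (255)."""
    opts, i = {}, 0
    while i < len(blob) and blob[i] != 255:
        if blob[i] == 0:                  # PAD carries no length byte
            i += 1
            continue
        if i + 1 >= len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError("truncated DHCP option")
        opts[blob[i]] = blob[i + 2:i + 2 + blob[i + 1]]
        i += 2 + blob[i + 1]
    return opts

def client_fqdn(opts):
    """Decode option 81: flags, two RCODE bytes, then the name; None if absent."""
    raw = opts.get(81)
    if raw is None or len(raw) < 4:
        return None
    flags, name = raw[0], raw[3:]
    if not flags & 0x04:                  # E bit clear: plain ASCII name
        return name.decode("ascii", "replace").rstrip(".").lower()
    labels, i = [], 0
    while i < len(name) and name[i] != 0:
        labels.append(name[i + 1:i + 1 + name[i]].decode("ascii", "replace"))
        i += 1 + name[i]
    return ".".join(labels).lower()

def decide(mac, blob):
    """Return 'deny', 'quarantine' or 'lease' for one request."""
    fqdn = client_fqdn(parse_options(blob))
    if fqdn is None or not fqdn.endswith(ALLOWED_SUFFIX):
        return "deny"                     # workgroup machine or wrong suffix
    # The name is whatever the client sent, so it is only a first filter;
    # the lease still depends on the machine being on the known list.
    return "lease" if mac.lower() in ALLOWED_MACS else "quarantine"
```

Because both the name and the MAC address come from the client, this kind of filter keeps unmanaged machines off by default rather than authenticating anyone; the 802.1X and certificate suggestions earlier in the thread are what bind access to a credential.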