Thread: Block machines without FQDN?

  1. #1
    <<== UT3 Player spoon_'s Avatar

    Block machines without FQDN?

    Can anyone think of a way of preventing machines without FQDN from getting on the network/obtaining IP address?

    This would mean Workgroup or where FQDN doesn't match predefined phrase.


    Any ideas?

  2. #2
    Administrator Moby-Dick's Avatar

    Re: Block machines without FQDN?

    Enable certificate-based authentication on your switches with a domain-based cert?
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  3. #3
    Chaos Monkey Apex's Avatar

    Re: Block machines without FQDN?

    Does your DHCP server not have the option to block devices if the MAC is not in the allow list?

  4. #4
    Account closed at user request

    Re: Block machines without FQDN?

    What OS is the DHCP server? You could use DHCP reservations (i.e. only those on MAC address list get a 'good' config) but it is a load of admin overhead and not specifically what you're asking for.

    Your best bet is to block it at the gateway / firewall. Various routers allow ACLs or similar which resolve client name, i.e. permit outbound from *.allowedout.com. Could be pricey if you go for Cisco, ISA etc., but Linux firewalls might resolve client names too.
    Last edited by wasabi; 03-08-2012 at 06:43 PM.
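
The name-based gateway rule suggested in the post above, sketched as an added example (not code from the thread or from any firewall product). It uses forward-confirmed reverse DNS: the client's PTR name must fall under the allowed domain and must resolve back to the same address. The DNS tables, addresses and the function name `permit_outbound` are constructed for illustration; only `allowedout.com` comes from the post.

```python
import ipaddress

# Constructed sample DNS data (not from the thread); stands in for a real resolver.
PTR = {
    "10.0.0.21": "pc21.allowedout.com",
    "10.0.0.66": "pc66.allowedout.com",      # PTR claims the domain, A record disagrees
    "10.0.0.80": "laptop.workgroup.example",
}
A = {
    "pc21.allowedout.com": {"10.0.0.21"},
    "pc66.allowedout.com": {"10.0.0.99"},
    "laptop.workgroup.example": {"10.0.0.80"},
}

def lookup_ptr(ip):
    """Reverse lookup against the constructed table."""
    return PTR.get(ip)

def lookup_a(name):
    """Forward lookup against the constructed table."""
    return A.get(name, set())

def permit_outbound(ip, allowed_suffix="allowedout.com",
                    ptr=lookup_ptr, fwd=lookup_a):
    """Return (decision, reason) for a client IP (hypothetical helper)."""
    ip = str(ipaddress.ip_address(ip))       # raises ValueError on malformed input
    name = ptr(ip)
    if not name:
        return False, "no PTR record"
    name = name.rstrip(".").lower()
    # Match on a label boundary so 'evilallowedout.com' does not pass.
    if name != allowed_suffix and not name.endswith("." + allowed_suffix):
        return False, f"{name} outside {allowed_suffix}"
    # Forward confirmation: the claimed name must map back to this address.
    if ip not in fwd(name):
        return False, f"{name} does not resolve back to {ip}"
    return True, name

if __name__ == "__main__":
    for client in ("10.0.0.21", "10.0.0.66", "10.0.0.80", "10.0.0.200"):
        print(client, permit_outbound(client))
```

Against live DNS the two lookups would be `socket.gethostbyaddr` and `socket.getaddrinfo`. The decision reflects what DNS records say about an address, not which machine currently holds it.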

  5. #5
    blueball
    Guest

    Re: Block machines without FQDN?

    802.1x would be my recommendation but it depends on your client/server architecture

    http://en.wikipedia.org/wiki/IEEE_802.1X

  6. #6
    Senior Member

    Re: Block machines without FQDN?

    We were looking at this at work (we are still on 2003 AD). If your DHCP server is 2003, you can download a DLL and block by MAC - Link.

    If your DHCP server is 2008 then this feature is native.

    The only problem is that we wanted to block certain company standalone machines from connecting to the LAN. I believe in your case you are thinking about preventing "visitors". I can double-check with the networking guy in the office as I believe he was doing something in the switches (Cisco) to block machines.

  7. #7
    Senior Member matts-uk

    Re: Block machines without FQDN?

    Quote: Originally posted by spoon_
        Can anyone think of a way of preventing machines without FQDN from getting on the network/obtaining IP address?

    FQDNs reside (conceptually) above layers 2 (MAC) and 3 (IP). Name mappings are provided by the network, so a host has to be on the network to have an FQDN which is meaningful on that network.

    If you can't identify hosts by segment or VLAN, you are pretty much left with having to negate the problem, by only allowing systems you can identify (user authentication and/or MAC filtering).
