none
Manual IP Which shouldn't access My Network

    Question

  • We have windows 2008 R2 enterprise as DC. I cant block PCs which ip configured as Manual, its too hard to control clients of WAN. So there are computer which not included in domain. Local users can control everything on their PCs. If there is a computer configured to get IP as automatically, it can't go through my network so i need to know it MAC and write down in reservations. But manual IPs drive me crazy. 

    In shortly, I dont want any PC to join my network which excluded my IP Reservations even though who tries get in with manuel IP.

    Thursday, July 11, 2013 6:20 AM

Answers

  • You would probably think setting up dedicated network .

    you can take advantage of VLAN / DMZ and let all the vendors / external clients to connect to NON-PROD environment.

    Friday, July 12, 2013 4:20 AM
    Moderator
  • You would probably think setting up dedicated network .

    you can take advantage of VLAN / DMZ and let all the vendors / external clients to connect to NON-PROD environment.

    agree with Sainath, setup a dedicated network.

    if your company has a budget buy a manage switch and configure different subnets and VLANS, in this way you can separate networks.

     - one network separated by political reasons

     - one network separated for guests

     - one network for Elite and Sky head individuals 

    Just kidding.. 

    or if you have hardware firewall, you create two separate subnets and configure the firewall to restrict the packets from crossing to the other subnet.


    Every second counts..make use of it.

    Friday, July 12, 2013 6:36 AM

All replies

  •   There is really no way to control that, whether you use manual IP or not.

      If a machine connects to the network set to get an IP automatically, DHCP will give it a network config. How can you exclude my laptop if I connect it to your network? How could you know its MAC address?


    Bill

    Thursday, July 11, 2013 7:03 AM
  • You would probably think setting up dedicated network .

    you can take advantage of VLAN / DMZ and let all the vendors / external clients to connect to NON-PROD environment.

    Friday, July 12, 2013 4:20 AM
    Moderator
  • You would probably think setting up dedicated network .

    you can take advantage of VLAN / DMZ and let all the vendors / external clients to connect to NON-PROD environment.

    agree with Sainath, setup a dedicated network.

    if your company has a budget buy a manage switch and configure different subnets and VLANS, in this way you can separate networks.

     - one network separated by political reasons

     - one network separated for guests

     - one network for Elite and Sky head individuals 

    Just kidding.. 

    or if you have hardware firewall, you create two separate subnets and configure the firewall to restrict the packets from crossing to the other subnet.


    Every second counts..make use of it.

    Friday, July 12, 2013 6:36 AM