Access List / Network Access Restrictions ?? IDEAS?

  • Question

  • I am trying to set up our network so only the computers that are currently active can have access. I want to restrict any outside computer from being able to access our network. 

    Now, I know if I had a Cisco Router, I could just make an Access List based off of MAC Addresses, but I don't. My company purchased Netgear switches/router and I don't understand how the ACL GUI really works so it's not an option. Plus, we have 3 switches and I don't want to find out which device goes to which switch.....

    I have a Server which hosts DHCP (Windows Server 2008 R2 Enterprise) and I am curious how I could set up DHCP to not lease any more IP addresses. I was looking through NAP, but didn't see anything that would really help. I was thinking of using NAP and having only computers joined to our domain get an address, but couldn't find that template anywhere!

    So, I just want to make it so the current computers/servers are the only ones which can access our network. I have all devices IP addresses and MAC addresses if you have any other suggestions/ideas. Please, can someone tell me how to either get DHCP to stop leasing or some other way? 

    Thanks in Advance!

    Tuesday, March 13, 2012 5:41 PM

Answers

  • Hi,

    Thanks for posting here.

    > My company purchased Netgear switches/router and I don't understand how the ACL GUI really works so it's not an option. Plus, we have 3 switches and I don't want to find out which device goes to which switch.....

    Are these network devices 802.1X capable? If so, the best way to do the restriction is deploying 802.1X authenticated networking with the NPS/RADIUS service in Windows Server, which will allow only authenticated computers or users (domain-joined computers with domain account credentials or a certificate issued by the AD PKI service) to access the network by enabling the port they connect to on the network devices.

    For detailed information, please refer to the links below:

    802.1X Authenticated Wired Access
    http://technet.microsoft.com/en-us/library/cc753354(WS.10).aspx

    802.1X Authenticated Wireless Access
    http://technet.microsoft.com/en-us/library/cc771455(WS.10).aspx

    Thanks.

    Tiger Li



    TechNet Community Support


    Wednesday, March 14, 2012 6:26 AM
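
The question mentions having an inventory of every device's IP and MAC address. The following is an added example, not part of the original thread: it compares a DHCP lease export against such an inventory and reports leases that do not match it. The inventory, the lease records and the function names are constructed for illustration. MAC addresses can be changed by the client, so this gives visibility only; port-level enforcement is what the 802.1X deployment in the answer provides.

```python
import re

# Constructed inventory of approved devices (MAC -> expected IP), in the
# mixed notations such lists usually contain. Sample data, not from the thread.
INVENTORY = {
    "00-1B-23-DE-DB-61": "192.168.1.10",
    "00:1b:23:de:db:62": "192.168.1.11",
    "001b.23de.db63": "192.168.1.12",
}

# Constructed DHCP lease export: (ip, mac, hostname).
LEASES = [
    ("192.168.1.10", "001B23DEDB61", "ws-01"),
    ("192.168.1.11", "00-1b-23-de-db-62", "ws-02"),
    ("192.168.1.50", "00:1B:23:DE:DB:63", "srv-01"),   # known MAC, unexpected IP
    ("192.168.1.77", "a4-5e-60-01-02-03", "unknown"),  # not in the inventory
    ("192.168.1.78", "not-a-mac", "garbage"),          # malformed record
]

def normalize_mac(mac):
    """Return 12 lowercase hex digits, or None if the value is not a MAC."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def audit_leases(inventory, leases):
    """Classify each lease as ok, ip_mismatch, unknown_mac or invalid_mac."""
    known = {}
    for mac, ip in inventory.items():
        key = normalize_mac(mac)
        if key is None:
            raise ValueError(f"bad MAC in inventory: {mac!r}")
        known[key] = ip
    findings = []
    for ip, mac, host in leases:
        key = normalize_mac(mac)
        if key is None:
            status = "invalid_mac"
        elif key not in known:
            status = "unknown_mac"
        elif known[key] != ip:
            status = "ip_mismatch"
        else:
            status = "ok"
        findings.append((status, ip, mac, host))
    return findings

if __name__ == "__main__":
    for status, ip, mac, host in audit_leases(INVENTORY, LEASES):
        if status != "ok":
            print(f"{status:12} {ip:15} {mac:20} {host}")
```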