Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 11
hello, i have a question for you: i have a network, with 126 clients, and i want to assign static ip addresses to all of them. but, here's a problem: ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Aug 2009
    Posts
    7

    static ip addresses


    hello,
    i have a question for you:

    i have a network, with 126 clients, and i want to assign static ip addresses to all of them.
    but, here's a problem: i want them to use an address that i assigned to them in dhcp, even if they manually set another address on their computer!
    do you have any idea how to do this?

  2. #2
    Just Joined! vishesh's Avatar
    Join Date
    Jul 2009
    Location
    Delhi
    Posts
    36

    reserve

    reserve ip my mac address. and disable ip address editing on client side
    Say NO to Microsoft

  3. #3
    Linux Engineer rcgreen's Avatar
    Join Date
    May 2006
    Location
    the hills
    Posts
    1,134
    i have a network, with 126 clients, and i want to assign static ip addresses to all of them.
    This is done by going to each computer, disabling DHCP
    and assigning an address. That's a lot of work on 126 clients.


    i want them to use an address that i assigned to them in dhcp
    This is the opposite of the method described above. Most
    operating systems come this way by default.


    even if they manually set another address on their computer
    I am not an expert on security, but you should put your users
    on limited user accounts, not allowing them to log in as
    administrator or root. If you have a lot of Microsoft computers,
    ask a Microsoft administrator. It shouldn't be too complicated.
    With Linux clients, simply create normal user accounts
    and do not give users the root passwords.

    If you want them to always have the same IP address,
    configure the DHCP server to do this. Depending on the server,
    It may be fairly easy (common small office/home routers)
    or not quite as easy (if you have a custom DHCP server
    on a PC).

  4. #4
    Just Joined!
    Join Date
    Aug 2009
    Posts
    7
    the thing is that a lot of employees in my company bring their laptops , and connect to internet by setting an ip address manually. i don't want that! and also, my boss told me that i need to find that "magic tool" that can accomplish trick with ip addresses that i was talking about.

  5. #5
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,752
    A captive portal requiring user authentication seems to be what you need. Something like CoovaChilli.

    As for "making sure IP_1 is only used by MAC_1" - this could *likely* be done with a custom white/black list with Squid. Look at both solutions and decide which one better fits your needs.

  6. #6
    Just Joined!
    Join Date
    Aug 2009
    Posts
    7
    i have been trying to make black and white mac list in squid for some time, but something goes wrong.
    my squid is properly compiled, and every time it seems that squid has started successfully.
    but, each time when i put:
    acl "whatever" arp 23:3E:34:34:23:44
    http_access allow whatever
    http_access deny !whatever
    every, apsolutely every pc and every site is blocked!!!

  7. #7
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    sounds like you need a nac to stop people from bring in their own computers, turn on dhcp. don't just plan for today, plan for tomorrow. What happens when you statically assign all 126 computers, and then next year your boss wants to change the network range, or add 126 new computers? you will have to redo all of it. stick with dhcp and use a nac.

  8. #8
    Just Joined!
    Join Date
    Aug 2009
    Posts
    7
    thanks for you advice, i'll try everything related to nac, and than i'll come back with results
    greetings!

  9. #9
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    You are going to have to use something that does MAC filtering. Even though you have DHCP setup there is nothing stopping people from setting up an ip address on their laptop and accessing the internet that way. No matter what solution you use it is going to be work keeping up with it, depending on the size of the company.

    If you were using Cisco switches I would suggest looking into MAC filtering on the switch. You can then assign MAC's to ports and anything plugged in that doesn't have that mac will not connect.

    The only problem with all of this is if you have smart clients they will be able to defeat this as MAC's can also be spoofed.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  10. #10
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    never used it, but this looks like a good opensource nac
    PacketFence: Home

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •