static ip addresses

[djekovic]

hello,
i have a question for you:

i have a network, with 126 clients, and i want to assign static ip addresses to all of them.
but, here's a problem: i want them to use an address that i assigned to them in dhcp, even if they manually set another address on their computer!
do you have any idea how to do this?

[vishesh]

reserve ip my mac address. and disable ip address editing on client side
Say NO to Microsoft

[rcgreen]

i have a network, with 126 clients, and i want to assign static ip addresses to all of them.

This is done by going to each computer, disabling DHCP
and assigning an address. That's a lot of work on 126 clients.

i want them to use an address that i assigned to them in dhcp

This is the opposite of the method described above. Most
operating systems come this way by default.

even if they manually set another address on their computer

I am not an expert on security, but you should put your users
on limited user accounts, not allowing them to log in as
administrator or root. If you have a lot of Microsoft computers,
ask a Microsoft administrator. It shouldn't be too complicated.
With Linux clients, simply create normal user accounts
and do not give users the root passwords.

If you want them to always have the same IP address,
configure the DHCP server to do this. Depending on the server,
It may be fairly easy (common small office/home routers)
or not quite as easy (if you have a custom DHCP server
on a PC).

[djekovic]

the thing is that a lot of employees in my company bring their laptops , and connect to internet by setting an ip address manually. i don't want that! and also, my boss told me that i need to find that "magic tool" that can accomplish trick with ip addresses that i was talking about.

[HROAdmin26]

A captive portal requiring user authentication seems to be what you need. Something like CoovaChilli.

As for "making sure IP_1 is only used by MAC_1" - this could *likely* be done with a custom white/black list with Squid. Look at both solutions and decide which one better fits your needs.

[djekovic]

i have been trying to make black and white mac list in squid for some time, but something goes wrong.
my squid is properly compiled, and every time it seems that squid has started successfully.
but, each time when i put:
acl "whatever" arp 23:3E:34:34:23:44
http_access allow whatever
http_access deny !whatever
every, apsolutely every pc and every site is blocked!!!

[jledhead]

sounds like you need a nac to stop people from bring in their own computers, turn on dhcp. don't just plan for today, plan for tomorrow. What happens when you statically assign all 126 computers, and then next year your boss wants to change the network range, or add 126 new computers? you will have to redo all of it. stick with dhcp and use a nac.

[djekovic]

thanks for you advice, i'll try everything related to nac, and than i'll come back with results
greetings!

[Lazydog]

You are going to have to use something that does MAC filtering. Even though you have DHCP setup there is nothing stopping people from setting up an ip address on their laptop and accessing the internet that way. No matter what solution you use it is going to be work keeping up with it, depending on the size of the company.

If you were using Cisco switches I would suggest looking into MAC filtering on the switch. You can then assign MAC's to ports and anything plugged in that doesn't have that mac will not connect.

The only problem with all of this is if you have smart clients they will be able to defeat this as MAC's can also be spoofed.

[jledhead]

never used it, but this looks like a good opensource nac
PacketFence: Home