Anonymous_User Absent Member.
Absent Member.
734 views

MAC security w/o VLAN

I am looking to assign all our workstations a specific private IP
subnet
(192.168.1.0/23) via DHCP and register them w/ a DynamicDNS domain
(trusted.net). Any foreign workstations/Wi-Fi points/laptops would
still
be assigned addresses via DHCP, but in a different subnet
(192.168.128/25)
and DynamicDNS domain (untrusted.net).

There should be a way to implement this simple IF NOT .. THEN strategy
w/o
VLANS or other network equipment config.

Giving each MAC address a DHCP assigned IP from the trusted subnet
would
work, but is there any easier way?

Is there a way to bulk copy from MS DHCP server the MAC addresses?

Is there any way to have them still renew? Then I can expire systems
that
are surplused/replaced and reassign their IPs.

Thanks in advance!



Labels (1)
0 Likes
3 Replies
Anonymous_User Absent Member.
Absent Member.

Re: MAC security w/o VLAN

In article <iE%kb.5458$S13.1462@prv-forum3.provo.novell.com>, wrote:> There should be a way to implement this simple IF NOT .. THEN
strategy w/o
> VLANS or other network equipment config.
>

You need some device to separate the 2 segments... a router or a layer
3
switch with VLANs. The router could be your NetWare server with
multiple
NICs installed.

bd
NSC Volunteer SysOp
www.InsightNetSolutions.net




0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: MAC security w/o VLAN

Sorry about excluding that info. Yes, there will be a router config'd
to
handle this and the DNIP servers will have IPs for both subnets. What
I
am trying to avoid is programming VLANs and MAC addresses into all my

switches. The current and future switches would require too much time
and
overhead.

what about the other questions...

Giving each MAC address a DHCP assigned IP from the trusted subnet
would
work, but are there any other ways?

Is there any way to have them still renew? Then I can expire systems
that
are surplused/replaced and reassign their IPs (very important).

Is there a way to bulk copy MAC addresses from MS DHCP server?

> In article <iE%kb.5458$S13.1462@prv-forum3.provo.novell.com>,

wrote:
>
> You need some device to separate the 2 segments... a router or a

layer 3
> switch with VLANs. The router could be your NetWare server with

multiple
> NICs installed.
>
> bd
> NSC Volunteer SysOp
> www.InsightNetSolutions.net
>





0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: MAC security w/o VLAN

In article <r4blb.5649$S13.283@prv-forum3.provo.novell.com>, wrote:
> What I
> am trying to avoid is programming VLANs and MAC addresses into all

my
> switches.
>

I guess I don't see why that would be needed. You have a router in
place,
so the segments are already separated, one for your secure net and the

other for your insecure (Wi_Fi) net. Or, maybe I'm still missing
something?

> Giving each MAC address a DHCP assigned IP from the trusted subnet

would
> work, but are there any other ways?
>

You could assign a static IP to each desired MAC address, or you can
input
the desired MAC addresses into the Include Address list, then let them
get
dynamic addresses. Either way requires an entry for each MAC address.


> Is there any way to have them still renew?
>

Yes, you can used timed leases with static IP assignments.

> Is there a way to bulk copy MAC addresses from MS DHCP server?
>

I don't think MS uses standard DHCPTAB files. If I'm right about
that,
then no. You might be able to import a list of addresses into the
Include
Addresses list via an LDIF file, if you go that way instead of using
static
IPs.

bd
NSC Volunteer SysOp
www.InsightNetSolutions.net




0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.