Controlling IP addresses!!!!!!!

Hello friends,


Just came across a peculiar requirement for the first time in my 7 year long networking career.

Requirement is to assign IP address via DHCP to only those users who are logging in the domain. If a particular user is doing a local login (may be as administrator) then he/she should not be asssigned any IP address.The network in question is a mix of LAN and WLAN.

As per my understanding this is not possible. :roll:

Will appreciate any views/suggestions on this.

Thanks !!!!!!!!

My suggestion to sort of meet this requirement is the use of 802.1x. The reason why I say it sort of meets the requirement is because that's not what 802.1x does. But it will ensure only authenticated domain users are allowed to get on the network because otherwise, their switchport is shut down. 802.1x is dependent on many things. Your switches will need to support it. You'll need a RADIUS server (check out FreeRADIUS if you're on a limited budget), and the configurations will also be a little advanced, especially if you want the RADIUS server to authenticate users against an existing database like Active Directory.

Here's some links on the subject that get more in-depth.
Free RADIUS

Basics of 802.1x

A Cisco document w/basics of 802.1x and configurations

Thanks for the reply. You are right that it doesnot actually fulfills the requirement.

Anyway thanks for providing interested docs. I was not having complete idea of 802.1x on wired LAN.

Regards