Topic: DHCP

[[m364n0]]

Good morning guys, we have our SME Server installed on a clone PC served as a Proxy/DHCP Server...One day a newly installed Windows PC want to access to the internet, when we try to access to the internet by using an IP Address that already own by another PC that has already registered on our DHCP server along with his MAC Address, the newly installed Windows PC can access to the internet....my question now is, why the newly installed Windows PC that haven't register yet to our Proxy/DHCP Server can access to the internet? Eventhough the MAC Address that being register to our Proxy/DHCP Server is not belongs to the newly installed Windows PC?

[Jáder]

Hi

By default, DHCP  do not require you register each machine before it delivery IP addresses.
Just after a clean install, when a machine is plugged on same LAN  than server, it will get an IP fron DHCP on server.

[[m364n0]]

Yes I know that but the register MAC Address of the said IP can access to the internet and the clean install PC will get an IP Address of the DHCP Server cannot access to the internet that's why he will use the existing IP Address so that he can access to the internet....now my question is if the DHCP config is registering MAC Address of each ethernet card will be the best solution so other PC cannot steal their IP would be useless because still the clean installed PC can browse to the internet....

[Jáder]

So you're trying to filter who can access internet by MAC addresses ?
Please explain in detail your problem.

[[m364n0]]

Yes we're trying to filter those who and who can't access to the internet but still other user simply copy the ip address of other pc that has internet connection so they can have access to the internet....I thought that will pop up and error because that certain ip is already set and registered the mac address to the DHCP server.....

[janet]

m364n0

Add the mac adresses to the hostnames and adresses panel in sme server manager with the IP you require each PC to have. This will force DHCP to allocate that IP to the PC with the matching NIC mac.

Then install Dansguardian as per the wiki Howto and filter your users access based on IP.
I suggest you configure a blanket or global block on all net accesss, so initially no one can access anything. Then allow certain access for required (ie allowed) PCs based on IP. That also means any newly connected PCs will not be allowed net access due to the global block, until you add them to a filter group.  Alternatively the default filter group could have limited net access as you prefer. Refer Dansguardian wiki article for more details re filtering.
Instal Dansguardian and review each configuration file as there are useful details there re how to control access in different ways etc.

[Stefano]

Yes we're trying to filter those who and who can't access to the internet but still other user simply copy the ip address of other pc that has internet connection so they can have access to the internet....I thought that will pop up and error because that certain ip is already set and registered the mac address to the DHCP server.....

I guess your users are administrators or their pc.. that's bad..