[DHCP] Re: Subnetting

Niall O'Reilly Niall.oReilly at ucd.ie
Sun Sep 30 11:52:53 UTC 2007

On 30 Sep 2007, at 01:22, Ashley M. Kirchner wrote:

>    The access point needs to allow both known as well as unknown  
> clients, with the known ones being co-workers, and unknown being  
> anyone that walks into the building with a device.  If the client  
> is a known client, provide full routing and DNS to them.  If the  
> client is unknown, then provide an IP that allows it to access a  
> shared NFS/Samba drive and that's it.  They don't get internet or  
> any other routing.

	So they do some snooping, and use manual configuration to obtain
	the access you imagine you're denying them ... 8-)

	You just can't do security on a shared network with DHCP.

	You need an access point which supports multiple SSIDs, each with its
	own VLAN, or else a second (set of) access point(s) to support the
	access for 'unknown' clients.

	Best regards,

	Niall O'Reilly
	University College Dublin IT Services

	PGP key ID: AE995ED9 (see www.pgp.net)
	Fingerprint: 23DC C6DE 8874 2432 2BE0 3905 7987 E48D AE99 5ED9

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20070930/1424edab/attachment.bin>

More information about the dhcp-users mailing list