[DHCP] Re: Subnetting 192.168.10.0/24
Niall O'Reilly
Niall.oReilly at ucd.ie
Sun Sep 30 11:52:53 UTC 2007
On 30 Sep 2007, at 01:22, Ashley M. Kirchner wrote:
> The access point needs to allow both known as well as unknown
> clients, with the known ones being co-workers, and unknown being
> anyone that walks into the building with a device. If the client
> is a known client, provide full routing and DNS to them. If the
> client is unknown, then provide an IP that allows it to access a
> shared NFS/Samba drive and that's it. They don't get internet or
> any other routing.
So they do some snooping, and use manual configuration to obtain
the access you imagine you're denying them ... 8-)
You just can't do security on a shared network with DHCP.
You need an access point which supports multiple SSIDs, each with its
own VLAN, or else a second (set of) access point(s) to support the
access for 'unknown' clients.
Best regards,
Niall O'Reilly
University College Dublin IT Services
PGP key ID: AE995ED9 (see www.pgp.net)
Fingerprint: 23DC C6DE 8874 2432 2BE0 3905 7987 E48D AE99 5ED9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20070930/1424edab/attachment.bin>
More information about the dhcp-users
mailing list