Pine.LNX.4.33.0202081356230.22173-100000 at twiga.twiga.com">
a./
u're correct (u can't control what user does with his/her machine), BUT
this is another options if your wireless bridge do not support blocking
ip's, if it does (some do!) then you may as well use it, use of DHCP in
some cases users go ahead and have their own DHCP running on their LAN (no
crime done!), if they can listen to your's (DHCP), surely will be able
pass their DHCP broadcasts to other users too! i've seen several
installation of M$2000 with DHCP enabled and users have no idea at all it
is on!!
Bill
On Fri, 8 Feb 2002, Americo F. Muchanga wrote:
You can't prevent a user from assigning an IP to his local station. The
operating system has no way to find out that now you are going to use a
valid and/or a not-valid address. You can however prevent that user from
accessing the network. Typically u can do this first by placing a DHCP
in the network that will assign IPs based on the MAC addresses and place
a gateway based on IPlogin for instance to only open a route for those
users who had been authenticated. You should force all your users to
authenticate before they can get access to Internet at large.
rgds, a./
Antonio Godinho wrote:
I use Breezecom wireless equipment and the client radio can be
configured to let through only some IP´s and can also limit
bandwidth in steps of 32K. I don´t know if other equipment lets you
do that.
Cheers,
my knowledge on wireless sez that, if you have for-isp wireless gear u
should be able to restrict (or call it block) certain range of ip,
that wil be allowed in/out of the device, which will do pretty much
what you want. if by accident you have choosed a product which does
have that feature then you have what they call corporate wireless lan
devices.. not sure much can be done on switches mine (hp pro-curve)
does not
Bill
On Thu, 7 Feb 2002 ksemat at wawa.eahd.or.ug wrote:
Can someone give me an idea on how to stop a user from simply
assigning himself another user's ip address on a LAN or a wireless
network? We had a problem with a client who simply decided to assign
himself an extra ip because he thought he needed one unfortunately
this belonged to another client!!!
Is there a way to prevent this? arpwatch only seems to tell me which
mac address has changed etc I cannot locate clients by Mac address
obviously and yet I need to restrict this.