cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
273
Views
0
Helpful
1
Replies

IP adress control with DHCP

Gerson Acevedo
Level 1
Level 1

Hi

 

I have a big issue right now. I am making changes to my company network. The system administrator has this control. Where he can create a rule in the firewall and allow people to go to the internet or limit the access using the ip address. We have a static environment. We are going to implement DHCP with  VLAN. Each deparment will have a VLAN with a subnet. But the  system administrator wants the same control. block users using the ip address. Since we are going to use DHCP this is going to be imposible. 

 

Do exist any solution to block or allow acces to a user in specific with a DHCP environment?

 

Any sugestion?

1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

But the  system administrator wants the same control. block users using the ip address

Well that isn't going to work because unless you create static IP assignments within the scope for each client you don't know what IP a user has.

And if you create static IP assignments for all clients then why use DHCP at all.

Unless you can groups users who are allowed the same access into a vlan/IP subnet in which case you could limit control based on IP subnet but if you want to do it on a per user basis then using the IP address just isn't going to work.

So, if you have to move to DHCP, you need some way of authenticating users based on their credentials as opposed to their IP address.

The ASA does support AAA authentication so that a user has to authenticate to the firewall before they get access to the internet but only for a limited set of protocols.

That may be a solution if you only need the common applications users require and if you have a AAA server in your network.

I have never used it so I can't say how easy it is to setup or how well it works.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: