DHCP Security Set-up - Help

utawakevou · ‎06-16-2004

We are using DHCP for Network configuration and Im just enquiring whetherDHCP servers have any option of leasing out IP address if the request meet a certain criteria.

We want a set-up like this:

1. New PC patched up to the network and look for the DHCP server

2. DHCP server issue an IP address which can be used by the client to communicate with only the DHCP server. Say for e.g the valid subnet where that PC is connected is 10.1.87.xxx but the DHCP server issue out a 192.1.87.xxx. But the DHCP server is located at 10.1.88.xxx subnet

3. Using the 192.1.87.xxx address the DHCP server did some scan on that PC on any security issues, virus and any other security breaches

4. If there is no security/virus issues found on that PC then the DHCP issue out a valid ip address e.g 10.1.87.xxx

5. If there are security/virus breaches then DHCP server dont issue a valid IP address

Is there a way we can set this up on DHCP environment ? Does Cisco have any of these option or a special set-up done through cisco routers or switches

Please I need information as we need to set this up to combat un-neccesary issuing of IP address in our DHCP network and security/virus breaches

gfullage · ‎06-16-2004

I don't know of any DHCP server that will do this for you, it would take a lot of smarts on the server plus an agent of some kind on the PC to send all that information.

What you might want to look at is Network Admission Control here:

www.cisco.com/go/nac

utawakevou · ‎06-17-2004

Thanks for your reply. I couldnt download this page. I believe it is to do with the page because I can access other sites with no problem

Hope you will help. Otherwise if you have papers for it just forward it to my e-mail : utawakevou@itc.gov.fj

thanks