Wireless Router from Home

[mpadgett]

I'm looking for a way to circumvent the potential of having a user bring a wireless router from home, which is setup to be a DHCP client, and connect it to our network which also is configured to be a DHCP server to wireless clients. In theory this would allow any unscrupulous wireless user to connect to our network. Is there any possible way to restrict the DHCP server from assigning an IP address to the wirless router? Any suggestions?
Mike P.

 

[ShackDaddy]

The only way I know to do this is to know the MAC addresses of all the proper clients and create reservations for them on your DHCP server. Don't have any addresses in your scope that don't have exclusions or reservations accounting for them. That way the server recognizes those clients and takes care of them, but doesn't have anything to give to rogue DHCP clients.

Outside of having some sort of table that tracks MAC addresses, you can't really know whether a new wireless DHCP client is a rogue or not.

ShackDaddy

 

[ShackDaddy]

Ah, here's another option: using certificates to authenticate wireless clients on your network.

http://www.microsoft.com/downloads/...B3-010B-47E7-B234-A27CDA291DAD&displaylang=en

ShackDaddy

 

[elmurado]

The PEAP/Radius option is a good control but you may want to make sure this is explicitly forbidden in your policy. You can also audit for access points by using NetStumbler or even Kismet.