Jump to content
xisto Community
Sign in to follow this  
taplinb

Set Os X Server 10.3 Dhcp To Filter Desks Restrict which PCs/Macs get DHCP IP #s

Recommended Posts

Among my other duties, I help run a small computing lab for med students at the U of MN. Recently I learned that though we only have about twenty legitimate DHCP clients on our wired ethernet getting addresses from our Mac OS X 10.3 Server (great system), thirty allocated DHCP addresses were being used. Huh?I found that some addresses went to testing, which I understand, but others were being grabbed by PCs that should have static IPs but were misconfigured and/or by outsiders who unplugged our PCs to network personal laptops (a no-no). We don't watch our PCs all the time and can't trust after-hours visitors to behave, so....First I made a list of the MAC addresses for every PC or Mac I knew should have DHCP. These 12-character addresses are globally unique. In OS X find it under System -> Network -> Ethernet (I think). On Win2k/XP Start -> Run cmd and enter "ipconfig /all" to find the MAC addresses and more. Warning: some PCs, Macs, and laptops have more than one address. Be sure to record the wired one.Then I logged onto our OS X Server as Administrator and lanuched the Server Administration app. After waiting a bit for it to recognize all services, including the Netboot service I had disabled (and may discuss elsewhere), I double-checked the DHCP status but then expanded Netboot -> Settings.It's a little counterintuitive to find DHCP restrictions under something other than DHCP, but that's where it is. I selected to Exclude all but the listed addresses, then proceeded to enter every MAC addresses I had recorded as being from a legitimate DHCP client PC or Mac. The format is AA:AA:AA:AA:AA:AA. The data entry is a little awkward and time-consuming, but you only need to do it once per new device.After entering all that, I played it "safe" and properly restarted the whole OS X Server (when nobody was depending on it) to make sure all services worked.We also sometimes use Netboot to deploy OS X configs centrally, but that's a more complex topic and would consume too many words.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.