http://www.dslreports.com/forum/r20864675 en Wed, 11 Nov 2009 11:39:14 EDT Wed, 11 Nov 2009 11:39:14 EDT http://www.dslreports.com/forum/remark,20869742 anon : 802.1x(wired or wireless), dynamic vlans with VMPS, Cisco NAC... to name a few, though 802.1x sounds like it fits your scenario best.]]> http://www.dslreports.com/forum/remark,20869742 Tue, 29 Jul 2008 23:17:17 EDT http://www.dslreports.com/forum/remark,20866724 Euphrates : Well, I believe you could configure Active Directory to issue only a certain block of ip ranges to Active Directory computers and then have the DHCP Server (probably running on the DC) issue out another range of ip addresses to "other" computers not a part of Active Directory. Once done, then the configuration on the router is a simple access list denying internet access to the non-Active Directory range of ip addresses.

This is a quick and dirty solution, but should work. However, because it isn't relying on Active Directory on the router side, it can be bypassed.]]> http://www.dslreports.com/forum/remark,20866724 Tue, 29 Jul 2008 14:26:48 EDT http://www.dslreports.com/forum/remark,20865012 aryoba : Are you referring to MS Active Directory Domain? If yes, then the management setup you are looking for should be centralized on the Domain Controller. In addition, you may need external authentication server such as RADIUS to restrict which destination IP addresses certain users can or cannot access.]]> http://www.dslreports.com/forum/remark,20865012 Tue, 29 Jul 2008 08:46:07 EDT http://www.dslreports.com/forum/remark,20864675 anon : hi,

i want to configure my LAN so that only those PCs which are registered in Domain and are logged through Domain can access the internet and LAN resources, the rest of the users which are logged to their PC as local user should not be able even to get IP from DHCP and use static IP given manually to their PC for accessing any thing on the LAN.]]> http://www.dslreports.com/forum/remark,20864675 Tue, 29 Jul 2008 05:55:32 EDT