Configuring a Router or WAP to Provide DHCP Services


Many small- to medium-sized networks use the router that provides Internet access as a DHCP server, using it to provide network addresses to client PCs. Configuring a router to act as a DHCP server is not difficult (most routers are configured to provide IP addresses by default), but you should be familiar with the process so you can make changes to the configuration, and, most important in the case of a wireless access point (WAP) or wireless router, limit the number of IP addresses provided. By limiting the number of IP addresses to the number of clients on your network, you can help minimize the possibilities of unauthorized users borrowing your network for Internet access or hacking.

To view or change the configuration of your router's DHCP settings, follow this basic procedure. This procedure is based on that used by Linksys routers, but others are generally similar:

1.

Log into the router's built-in configuration web server. Enter the router's IP address (this is the IP address listed as "default gateway" by the ipconfig command or equivalent discussed in Chapter 27) and enter the username and password needed.

2.

After logging into the router, open the DHCP configuration screen.

3.

If no devices are able to get an IP address, make sure the DHCP server is enabled (see Figure 28.21). The DHCP server function should be disabled only if all clients have manually assigned IP addresses or if another device on the network is being used as a DHCP server.

Figure 28.21. Configuring a Linksys router to provide DHCP addresses to up to 10 clients.


4.

Specify the starting IP address. Make sure the starting address is not already in use by a device with a manually assigned IP address.

5.

Specify the number of DHCP clients. If you enter 10, as in Figure 28.21, the router provides addresses to up to 10 clients. You should adjust this number to reflect the maximum number of clients that might connect to this router. For example, if you have a mixed wired and wireless network with three wired clients and up to two wireless clients, make sure you specify 5 for the number. If you specify a number less than 5, one or more of the wireless clients will not receive an IP address when they connect. If you specify a number greater than 5 and don't secure your wireless network, however, unauthorized clients might receive a DHCP address from your server and borrow your bandwidth or attempt to hack your network.

6.

To determine what clients are currently using an IP address provided by this router, click the DHCP Clients button shown in Figure 28.21. On some routers, this information might be displayed on the same screen as the remainder of the DHCP information. Note that the computer (client) name and MAC (adapter physical) address are listed for each client (see Figure 28.22).

Figure 28.22. Displaying current clients connected to a Linksys router.


7.

To refresh the listing shown in Figure 28.22, click Refresh.

8.

If an unauthorized computer is listed when you display DHCP clients, click the box next to the computer's MAC address and click Delete. This clears the connection from that computer to the router.

9.

Close the dialog. Click Apply or OK to accept changes to the router configuration, or click Cancel to discard changes to the configuration. The router restarts and your changes to the router configuration are now operational.

Note that you need to have a list of authorized computer (client) names to determine which computers or devices are authorized when you view the list of active clients. You can generate this information by running the hostname command on each client PC.

See "Using hostname and Related Commands," Chapter 27, p. 452, for details on running hostname.


For non-computer devices connecting to your network, check the device's configuration; see the device's documentation for details.

Using MAC Address Filtering to Stop Unauthorized Users

If your router lists unauthorized clients, use these methods to secure your network:

  • Use the MAC filtering option available in most routers and APs. You can configure the router to permit only specified addresses to connect, or prevent specified addresses from connecting (see Figure 28.23). If you see the same unauthorized MAC address being listed repeatedly on the list of DHCP clients, you might want to use the option to block only specified MAC addresses and specify the offending address. It's more secure, although more time-consuming, to permit only specified MAC addresses to connect. If you choose this option, make sure you have an up-to-date list of MAC addresses. If all authorized clients are currently connected, you can note the MAC addresses from the client listing shown in Figure 28.22. For clients not currently connected, you can use ipconfig /all (see Chapter 27) to display each client's MAC address.

    Figure 28.23. Configuring MAC address filtering on a Linksys wireless access point.

    If you use a router that supports both wired and wireless clients, you might need to specify the type of connection used for each MAC address you enter.

  • On a wireless network, be sure to enable wireless security, preferably WPA or WPA2.

See Chapter 23, "Security and Other Wireless Technologies," for details on enabling wireless security.


It's far too easy now to add unauthorized users to an unsecured network. Whether by installing a small switch or a small wireless access point, it's easy to break into a small network that relies on a DHCP-enabled router instead of a server with a list of authorized users. Use these methods to prevent unauthorized access.




Upgrading and Repairing Networks
Upgrading and Repairing Networks (5th Edition)
ISBN: 078973530X
EAN: 2147483647
Year: 2006
Pages: 411

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net