Author Topic: How to hand out DHCP Leases to Mitel Devices Only  (Read 8142 times)

Offline Mattmayn

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1069
  • Country: vi
  • Karma: +14/-0
    • View Profile
How to hand out DHCP Leases to Mitel Devices Only
« on: April 29, 2010, 09:00:15 PM »
I know that I have seen the option before but I could not find it today. I have been requested by a "Security Specialist" to have my 3300s (MCD 4.0 SP2) on a customer's site only hand out leases to Mitel equipment. I thought this was a check box somewhere in the System IP Config area. Am I wrong?
« Last Edit: April 06, 2013, 11:07:44 AM by ralph »


Offline Chakara

  • Hero Member
  • *****
  • Posts: 607
  • Karma: +2/-0
    • View Profile
    • Kyle Petree
Re: DHCP
« Reply #1 on: April 29, 2010, 09:41:02 PM »
  I think that DHCP is DHCP and if a device is on the same broadcast domain (VLAN) then the Mitel will give out the address.  That seems like an odd request.....

-Chak

Offline Mitel100

  • Sr. Member
  • ****
  • Posts: 262
  • Country: gb
  • Karma: +6/-0
    • View Profile
Re: DHCP
« Reply #2 on: April 30, 2010, 04:52:08 AM »
As you said this security expert is making sure that the 3300 only hands out IP addresses to Mitel phones, of course out of the box it will handle requests from all equipement request DHCP.

There is some programming on the 3300 you can do on the DHCP setting to only allow the 3300 to distribute IP addresses to mitel phones. It is as follows: (Copied from MOL)

'In order to prevent any other device except a Mitel IP Phone from getting an IP from the Mitel DHCP server, follow these steps

1. Give your IP Address Range the following name: ipphone.mitel.com
2. Enable the Client's class ID must match name option in the IP Range.

This causes the DHCP server to ignore all non-mitel IP Phone requests for an IP address. Please note that controller must be running 7.0 software or higher. As well if any new phones are added, then this option needs to be turned off until they upgrade their flash for the first time.'

Offline ralph

  • Mitel Forums Admin
  • Hero Member
  • *****
  • Posts: 5739
  • Country: us
  • Karma: +468/-0
  • Published Author: http://amzn.to/2dcYSY5
    • View Profile
Re: DHCP
« Reply #3 on: April 30, 2010, 09:04:30 AM »
I'm not sure on this so you'll have to experiment a bit.
But under DCHP Address Ranges there is this option: "Client's class ID must match name: "
Set it to True and then test.

Ralph
« Last Edit: June 24, 2016, 02:27:57 PM by ralph »

Offline Chakara

  • Hero Member
  • *****
  • Posts: 607
  • Karma: +2/-0
    • View Profile
    • Kyle Petree
Re: DHCP
« Reply #4 on: April 30, 2010, 09:08:36 PM »
  Very cool - now I have to read up more on DHCP to see how that works.  Sounds like a DHCP client may advertise what time of device it is in the DHCP request...

-Chak

Offline Mattmayn

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1069
  • Country: vi
  • Karma: +14/-0
    • View Profile
Re: DHCP
« Reply #5 on: May 03, 2010, 07:15:36 AM »
Thank, I'll let you guys know if it makes him happy or not.

I love it when people suddenly take an interest in phones and start making demands, I mean requests, about the config. Two years after the install!

Offline Mattmayn

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1069
  • Country: vi
  • Karma: +14/-0
    • View Profile
Re: DHCP
« Reply #6 on: May 05, 2010, 08:32:47 AM »
Only drawback is the fact that this has to be disabled every time you want to add a new phone.

Offline johnkeri

  • Jr. Member
  • **
  • Posts: 56
  • Country: ca
  • Karma: +2/-0
    • View Profile
Re: How to hand out DHCP Leases to Mitel Devices Only
« Reply #7 on: June 24, 2016, 11:54:55 AM »
This is a very old thread but it is still valid, and would like to make it clear that the previous post is incorrect.
You do not have to change this option when adding new phones.
The option Client Class ID must match is valid since all Mitel IP phones use the same Class ID string 'ipphone.mitel.com'.

The real drawback is connecting to the system with your computer on that VLAN, since that is not a Mitel device it will not get an IP address.
Suggest implementing this feature for security and performance if you have wireless devices on the voice VLAN.
- by adding static reservations to your wireless devices in combination with this option you can lock down your DHCP server

Offline VinceWhirlwind

  • Hero Member
  • *****
  • Posts: 899
  • Country: au
  • Karma: +31/-0
    • View Profile
Re: How to hand out DHCP Leases to Mitel Devices Only
« Reply #8 on: June 26, 2016, 08:54:59 PM »
...and if somebody wants their laptop to get an IP address from the "locked down" DHCP scope, all they have to do is go to a command-prompt and tell it:
ipconfig /setclassid ipphone.mitel.com
 
Whoever the "security specialist" is, what they are doing here has not much to do with security and a lot to do with generating unnecessary work.

Offline petr.necas

  • Sr. Member
  • ****
  • Posts: 393
  • Country: cz
  • Karma: +8/-0
    • View Profile
Re: How to hand out DHCP Leases to Mitel Devices Only
« Reply #9 on: June 28, 2016, 09:20:41 AM »
That security expert would also suggest to update the SW to the latest release 7.2 SP1 PR1. Am I right?

Offline johnkeri

  • Jr. Member
  • **
  • Posts: 56
  • Country: ca
  • Karma: +2/-0
    • View Profile
Re: How to hand out DHCP Leases to Mitel Devices Only
« Reply #10 on: June 28, 2016, 01:35:15 PM »
Not to be blunt, but argumentative.

Consider the scenario of wireless access points handling Spectralink phones that do not support security settings in the AP.
- any iPhone user walking by the building would get an IP address if there phone is allowed to access 'unknown networks'
- now that they have an IP address they know that there is a network and they can try to access it
- another problem is that you just ran out of IP addresses of your scope and none of the 'new' Spectralink phones want to work
The suggested configuration can prevent these problems.

Offline VinceWhirlwind

  • Hero Member
  • *****
  • Posts: 899
  • Country: au
  • Karma: +31/-0
    • View Profile
Re: How to hand out DHCP Leases to Mitel Devices Only
« Reply #11 on: June 28, 2016, 07:48:14 PM »
...except you control who joins your wireless network through your wireless network security, surely, not through an easily-bypassed DHCP restriction.
Surely you wouldn't deploy a WiFi network that has no WiFi security?
« Last Edit: June 28, 2016, 07:50:39 PM by VinceWhirlwind »

RogerV

  • Guest
Re: How to hand out DHCP Leases to Mitel Devices Only
« Reply #12 on: June 29, 2016, 07:24:57 AM »
Is it going to be a single cable deployment or dual ?

I have some templates for dhcp server that I use but I dnt use the Mitel for dhcp I use an adtran router I can share if you like


Sent from my iPhone using Tapatalk


 

Sitemap 1 2 3 4 5 6 7 8 9 10