DHCP question

I am really at the shallow end of the pool when it comes to knowledge and I am sorry if this is a dumb question, but someone has to ask them.... :wink:

I may soon not need this but as is it is what I have so I would like to know if this is possible.

My network is fixed IPs. I have a DHCP pool for anything new I get to use while setting up - mostly for headless things. Computers I set their IP address while configuring them.

So as I understand DHCP is (or can be) complicated and very restrictive.
Good and bad.

But I'm wondering (as I use PiHole as the DHCP server also) if there is a way that any new machine - connecting with DHCP and a variable IP number - is restricted in it's use of the network.

When I was at work, we had work computers and if you plugged in a non-work computer basically you were locked out of the network as the machine didn't have the credentials.

Yes, that is opening a whole can of worms.... Which is why I am maybe going to go down an alternate route - more expensive router (front end) that allows different networks and no cross network traffic.

Anyway, before I dig too big a hole for myself, I'll stop here.


You cant use DHCP to prevent certain devices from connecting to your network.
DHCP only advertises IP details and its up to the clients to honer them/adapt them.
If you set static IP and DNS details on the client host itself, you can circumvent DHCP entirely.

What your experiencing at work is most likely done by only allowing trusted client MAC addresses on the switch or firewall.

Seems that what I was thinking is/may be too difficult for me.

Note that DHCP is strictly an IPv4 protocol.

Depending on your DHCP server, you may already have the option of allowing only known clients to join your network, usually based on client MAC addresses.

An unkown MAC address client's DHCP requests would be ignored, and effectively the client wouldn't be able to join your IPv4 network.

If you'd wanted such a new client to join, you'd then commonly have to manually type its MAC address into your router or DHCP server, or temporarily lift the 'known clients only' restriction.

As DHCP is about configuring a client network node for an IPv4 network, instead of not supplying information at all, you could also decide to configure that client for different subnets, gateways, DNS servers etc.

However, DHCP cannot enforce a client to stick with those values, or control how a client can communicate with your network.

Ultimately, it would depend on your routing equipment whether and how it would allow you to restrict or separate a client's traffic and communications to certain subnets or target ips.

PiHole is my DHCP server.

So I can't say if it does or not.

Luckily I am stubbornly sticking to IP4.

IP6 blows my brain when talking to people who have it.
I don't think I need 65 gazillion local addresses.