How to secure lan so that any rougue laptop/pc donot get the ip address fom the dhcp, a big question mark, but possible in wireless media but what about wired media. Same question was asked to me few days back and my instant response was dhcp did not support authentication. But I replied we can use the dot 1x for the wired media.
So i started out my testing lab with one of my colleague and installed domain controller with radius. We use the dot1x mechanism to authenticate the pc/laptops; After 2 days testing we got the positive results.
Advantages
1. Get rid form the man in middle attack.
2. Dictionary attacks can be stopped with this.
3. Security of Lan; No one will get the ip address until and unless he/she is having domain username & password.
I am writing document on this, If someone need on urgent basics kindly mail me.