  • Preventing Static IPs

    Posted on June 1st, 2009 servbit2 No comments

    I need to find a way to prevent laptops that are using our wireless network from assigning themselves a static IP.

    Let me give you a little background on our network:

    - We are a high school
    - We are using multiple 3Com 4500G Switches
    - Our wireless network is a 3Com Managed WX2200 w/ around 45 APs
    - School owned computers have Static IPs
    - Student laptops have reserved DHCP
    - We have a NAC that sits in front of our DHCP server to enforce policies before a laptop or outside computer can gain access to the network.
    - We are using a 10.x.x.x Class A IP scheme. No VLANs or routers.

    What we are finding is that students are becoming wise enough to figure out how to get around the NAC enforced policies by putting a static IP on their computer prior to making a wireless connection. Because the NAC sits in line with the DHCP server, if the NIC never requests a DHCP, it never gets challenged by the NAC.

    I need to know if there is a way to keep users from being able to put a static IP on their computer and gain access to the network. Is there a way that I could use the switches, whereby I provide it a list of MAC addresses that should be requesting DHCP and if they don't, block them?

    Any and all solutions are welcomed :) Thanks in advance!

    You cannot accomplish what you want without enabling 802.1x on the switch…
    Please read: http://www.microsoft.com/downloads/details.aspx?FamilyID=05951071-6b20-4cef-9939-47c397ffd3dd&displaylang=en

    page 12:
    Deploy your authenticating switches to provide network access for your wired network. Configure your authenticating switches to support 802.1X authentication and RADIUS. Configure the RADIUS settings on your authenticating switches with the following:
    1. The IP address or name of a primary RADIUS server, the shared secret, UDP ports for authentication and accounting, and failure detection settings.
    2. The IP address or name of a secondary RADIUS server, the shared secret, UDP ports for authentication and accounting, and failure detection settings.
    -rich
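
A detection-side check for the situation described in the question, as an added example that is not part of either post: it compares addresses seen on the network (for instance an ARP table export) with the DHCP leases and the static assignments of school-owned machines, and flags any host using an address DHCP never gave it. The `mac,ip` input format, the sample addresses and the function names are assumptions made for this example.

```python
import re

def norm_mac(mac):
    """Normalize 00-1A-2B-.., 001a.2b3c.4d5e or 00:1a:.. to lowercase colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def load_pairs(text):
    """Parse 'mac,ip' lines into (mac, ip) tuples; blanks and # comments are skipped."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            mac, ip = (field.strip() for field in line.split(","))
            pairs.append((norm_mac(mac), ip))
    return pairs

def audit(arp_text, leases_text, static_text):
    """Return (mac, ip, reason) for each observed host with no matching record."""
    leases, static = dict(load_pairs(leases_text)), dict(load_pairs(static_text))
    findings = []
    for mac, ip in sorted(load_pairs(arp_text)):
        if static.get(mac) == ip or leases.get(mac) == ip:
            continue  # address matches what was assigned to this MAC
        # Known MAC on the wrong address, or a MAC that never went through DHCP.
        reason = "ip-mismatch" if mac in static or mac in leases else "no-lease"
        findings.append((mac, ip, reason))
    return findings

# Constructed sample data (not from the original post).
STATIC = "02:00:00:00:00:01,10.0.0.10   # school-owned, static"
LEASES = """02-00-00-00-00-02,10.0.1.20
0200.0000.0003,10.0.1.21"""
ARP = """02:00:00:00:00:01,10.0.0.10
02:00:00:00:00:02,10.0.1.20
02:00:00:00:00:03,10.0.9.99
02:00:00:00:00:04,10.0.9.50"""

if __name__ == "__main__":
    for mac, ip, reason in audit(ARP, LEASES, STATIC):
        print(f"{reason:12} {mac} {ip}")
```

This only reports suspect hosts; it does not block anything at the switch port.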
