DHCP MAC filtering on Windows Server 2003 and 2008 R1

by · Published · Updated

Recently I needed to setup MAC filtering on our DHCP server and being familiar with Windows Server 2008 R2 I thought it was a standard feature.  However I couldn’t be more wrong.  It turned out none of the previous server versions had this feature.  So after a little searching I found an addon from Microsoft Technet that does the trick.  It is called DHCP Callout.  It is an MSI for 32 and 64 bit operating systems. So the installation is easy but it took me a minute to figure out how to configure it.

So after the installation you can access the files in the C:\Windows\system32\dhcp.  In that directory a few files are installed.

  • MacFilterCalloutErrorlog.txt
  • MacFilterCalloutInfolog.txt
  • MACList.txt
  • SetupDHCPMacFilter.txt

It adds log files, a config file, and a setup document.  It also adds a few registry entries in HKLM\System\CurrentControlSet\Services\DHCPServer\Parameters.  These entries are as follows.

  • CalloutDlls                                   –  This specifies the dll path for the dhcp server
  • CalloutEnabled                           –  This loads the dll
  • CalloutErrorLogFile                   –  Specifies the Error log path
  • CalloutInfoLogFile                      –  Specifies the Info log path
  • CalloutMACAddressListFile     –  Specifies the name and location of MAC filter list

This is all covered in the setup guide as well.  To setup the MAC filter list is pretty simple as well.  You simply take you MAC addresses without and colons, dashes, or spaces and add them to the MACList.txt file.  However at the top of the file you have to tell the DHCP server to allow or deny the MAC addresses that you have entered.  Below is an example of the MAC filter list.

MAC_ACTION = {ALLOW}  or DENY
0001a0c00d54
0001a0c10d35

We used this to improve security and to keep machines that are not ours off our DHCP server.  All in all this works well.  We found this out when we couldn’t get some of our systems to pick up an IP address from our server.  Turns out we forgot to add them to the list.  Anyhow we no longer have problems with systems controlled by another group of admins using up our IP space.  So if you find this may be something that you are looking for you can download it at the following address.

http://blogs.technet.com/b/teamdhcp/archive/2007/10/03/dhcp-server-callout-dll-for-mac-address-based-filtering.aspx

 

Tags:

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.