DHCP Server MAC Address based filtering

Source: blogs.technet.com

 

DHCP Server team is excited to announce that the much appreciated and loved feature, MAC Address based filtering, (previously provided by this callout dll) is now a part of Windows Server 2008 R2 DHCP Server. Check out the blog.        The MAC Address filtering feature in Windows Server 2008 R2,   has provision for both Allow and Deny lists, with provision for wild-cards.        The Allow and Deny lists,  can be managed from within the DHCP MMC.

This DHCP Server Callout DLL helps administrator to filter out DHCP Requests to DHCP Server based on MAC Address. When a device or computer tries to connect to network, it shall first try to obtain ip address from DHCP Server. DHCP Server Callout DLL checks if this device MAC address is present in known list of MAC addresses configured by administrators. If it is present, device shall be allowed to obtain ip address or device requests shall be ignored based on action configured by administrator.

MAC address based filtering will allow network administrators to ensure that only know set of devices in the system are able get ip address from DHCP Server.  This DLL will help administrators to enforce additional security into network.

This callout DLL will help user in solving either of the following problems

  1. Allow Machines only belonging to set of MAC addresses to get ip address from DHCP Server.
  2. Deny Machines belonging to set of MAC addresses from getting ip address from this server.

This callout DLL shall work on Windows 2003 Server and Windows 2008 Server.

The usage is pretty simple and explained in the setup document along with the tool.

Both the dll (MacFilterCallout.dll) and the Setup document (SetupDHCPMacFilter.rtf) are copied on to %SystemRoot%\system32 folder after installation.

Updates done since initial version:

    1. Support for 32 bit and 64 bit OSs : Works on Windows 2003 and Windows 2008 Server
    2. Ease of setup : You do not have to copy the DLLs to obscure locations or edit the registry entries.    The installer copies the files into the appropriate locations and makes the necessary registry changes.
    3. Improved documentation :  Better documentation, along with a sample file.

    You can now specify upper case MAC addresses in the config file

     

  1. You can now check out the information log file, for information on what all addresses were allowed/denied, while the DHCP server service is running.

Known Issue:

  1. This callout dll may not work on localized builds (non english builds).

 

 

Source: blogs.technet.com