Enter Search Query:

  • 4767
  • Close

Allow or deny DHCP by MAC address

I recently found this little gem on petri.co.il and subsequently discovered its origin at the DHCP technet blog. MAC Filter Callout DLL is a free dll file which allows a windows 2003 DHCP server to check a requesting client’s MAC address against a list of allowed or denied hosts before issuing an IP address.

This tool proved extremely useful in an environment I worked at where for whatever reason a client had two active directory forests setup in the same IP subnet. The forests domain controllers were connected via a trust relationship and for local exchange email connectivity, the servers needed to communicate with each other. Without Callout Dll there was no way to keep clients from one domain from grabbing IP addresses off of the other domains DHCP server.

With Callout Dll and two lists of MAC addresses (one for each forest easily obtained from the DHCP MMC) keeping the clients registered to their respective forest was an easy task without the need for expensive routing/switching equipment or an IP address block change.

Here’s how to install and use Callout DLL:

  1. DOWNLOAD MAC Filter Callout DLL
  2. Install the MSI (MacFilterCallout.dll and SetupDHCPMacFilter.rtf will be copied to %SystemRoot%system32)
  3. Copy the dll to a folder of your choice (i.e. C:callout)
  4. Add the following changes to the registry to HKEY_LOCAL_MACHINESystemCurrentControlSetServicesDHCPServerParameters
  5. Create your MAClist.txt file with the following format:
    MAC_ACTION={ALLOW}
    001122334455
  6. Create an info and error log file, and restart the DHCP Server service.
  7. If everything works fine, your info log file should display the following information:
    Action specified is : ALLOW
    Successfully read mac addresses
    The DHCP server has successfully started.

There it is, now you CAN have multiple DHCP servers on the same network.

October 11, 2008

Related Posts