Allow or deny DHCP by MAC address

I recently found this little gem on petri.co.il and subsequently discovered its origin at the DHCP TechNet blog. MAC Filter Callout DLL is a free DLL file which allows a Windows 2003 DHCP server to check a requesting client’s MAC address against a list of allowed or denied hosts before issuing an IP address.

This tool proved extremely useful in an environment I worked at where, for whatever reason, a client had two Active Directory forests set up in the same IP subnet. The forests’ domain controllers were connected via a trust relationship, and for local Exchange email connectivity the servers needed to communicate with each other. Without Callout DLL there was no way to keep clients from one domain from grabbing IP addresses off of the other domain’s DHCP server.

With Callout DLL and two lists of MAC addresses (one for each forest, easily obtained from the DHCP MMC), keeping the clients registered to their respective forest was an easy task without the need for expensive routing/switching equipment or an IP address block change.

Here’s how to install and use Callout DLL:

  1. Download MAC Filter Callout DLL
  2. Install the MSI (MacFilterCallout.dll and SetupDHCPMacFilter.rtf will be copied to %SystemRoot%\system32)
  3. Copy the DLL to a folder of your choice (e.g. C:\callout)
  4. Add the following changes to the registry to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters
  5. Create your MAClist.txt file with the following format:
    MAC_ACTION={ALLOW}
    001122334455
  6. Create an info and error log file, and restart the DHCP Server service.
  7. If everything works fine, your info log file should display the following information:
    Action specified is : ALLOW
    Successfully read mac addresses
    The DHCP server has successfully started.

There it is, now you CAN have multiple DHCP servers on the same network.
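
Building the two per-forest lists by hand is where mistakes creep in, so here is an added example (not part of the original post or of the Microsoft tool) that normalizes MAC addresses copied in mixed notations, drops duplicates and malformed entries, writes the text for MAClist.txt, and reports addresses that appear in both forests' lists. It assumes the layout from step 5 plus the `#MACList.txt` first line from the reader correction in the comments; the sample addresses, the function names and the lowercase output are assumptions made for this example.

```python
import re

# Constructed sample input: MAC addresses as they might be copied from two
# DHCP consoles, in mixed notations. These values are made up for the example.
FOREST_A = ["00-11-22-33-44-55", "00:11:22:33:44:66", "0011.2233.4477", "00-11-22-33-44-55"]
FOREST_B = ["00:AA:BB:CC:DD:01", "00-11-22-33-44-66", "00aabbccdd0g"]

def normalize(mac):
    """Return the MAC as 12 hex digits, or None if it is malformed.
    Lowercase is an assumption; the post's sample contains digits only."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def clean(raw):
    """Split raw entries into (unique valid MACs in input order, rejected entries)."""
    valid, rejected = [], []
    for entry in raw:
        mac = normalize(entry)
        if mac is None:
            rejected.append(entry)
        elif mac not in valid:
            valid.append(mac)
    return valid, rejected

def render(macs, action="ALLOW"):
    """Build the list file text: header line, action line, one MAC per line."""
    if action not in ("ALLOW", "DENY"):
        raise ValueError("action must be ALLOW or DENY")
    return "\n".join(["#MACList.txt", "MAC_ACTION={%s}" % action] + macs) + "\n"

def overlap(a, b):
    """MACs present in both lists. With two ALLOW lists these clients could
    still be answered by either forest's DHCP server."""
    return sorted(set(a) & set(b))

if __name__ == "__main__":
    a, bad_a = clean(FOREST_A)
    b, bad_b = clean(FOREST_B)
    print(render(a), end="")
    print("rejected:", bad_a + bad_b)
    print("in both lists:", overlap(a, b))
```

Resolve every address reported as being in both lists before restarting the DHCP Server service, since that overlap is exactly the cross-forest leasing the filter is meant to stop.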


Comments

3 responses to “Allow or deny DHCP by MAC address”

  1. James Sorenti

    Sweet! I’ve been trying to do this for ages. Got a multi-domain/server environment and dhcp restrictions have been a headache for quite some time.

    1. Vishnu

      Thank you for this article. It was useful and it works.
      One more thing: in the MAClist.txt, the below command should be added before MAC_ACTION={ALLOW}
      001122334455
      ———-
      It should be
      #MACList.txt
      MAC_ACTION={ALLOW/DENY}
      001122334455

      1. David Vielmetter

        Thanks for the correction.