Filtering MAC addresses in Windows 2003/2008 DHCP server

Something I had to look up recently was how to filter specific MAC addresses from receiving an IP from a Windows 2003 based DHCP server. Before I go into how I did that I want to point to a neat utility I found on the web for finding the vendor for any specific MAC address one has.

MAC_Find: locate vendor for Ethernet/Bluetooth

I knew in both consumer and business class routers you could allow/deny MAC addresses to obtain DHCP addresses but had never tried to do it when Windows was serving IP addresses. So off to Google I went.  When searching I stumbled upon this page:

How to Filter MAC Address with Windows DHCP Callout Filter

The article is a good read and here’s basically the summary for the purpose of this blog:

Published a while ago by Raunak Pandya from the DHCP Server Team, a DLL that you can install on your Windows Server 2003 and Windows Server 2008 DHCP servers, and which helps administrators to filter out DHCP Requests to DHCP Server based on MAC Address. This DLL is called the “DHCP Server Callout DLL”.

The system I was working with was a Windows 2003 server so I installed the x86 version (as it is 32-bit, not 64-bit). When you install it there’s an RTF document filled with all the good manual information. This is definitely an RTFM moment, as if you don’t do this right you could DENY all MAC addresses trying to get an IP address, rather than ALLOWing all except the specific one you wanted to filter. (Once again, my advice: RTFM)

Once you install the callout DLL it will dump the files into your %systemroot%\System32 folder (please read the other site for 64-bit). Then open up the SetupDHCPMacFilter.rtf. I noticed that you can modify the location of the logs and text file that handles allow/deny actions.

Since I wanted to DENY the specific MAC addresses that I list, I set up my file like this:
#MACList.txt
MAC_ACTION = {DENY}
#List of MAC Addresses:
000a0c0d1254 #notation about MAC address
000d0c4a6723 #notation about MAC address

If you wanted to ALLOW only the MACs listed in the text file you’d change MAC_ACTION = {ALLOW} and then list every MAC address you wanted the DHCP server to serve IP addresses to.
The error logs and text file required by the DLL are located in %systemroot%\system32\dhcp and the DLL is located in %systemroot%\system32. The text file allows comments (obviously) and MAC addresses cannot have anything in them (such as a : or –). If you wanted to modify the location of the text file and log files you would need to modify the registry entries that the installation puts in the registry.
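
A pre-flight check for the list file, added here as an example (it is not part of the callout DLL or its documentation): it parses the format shown above and flags entries with separators, a missing or malformed MAC_ACTION, and an ALLOW list with no entries, before the DHCP service is restarted. The grammar is inferred from the sample file on this page, and lint_maclist is a hypothetical name.

```python
import re

# Grammar assumed from the sample file on this page, not from the DLL's RTF:
# '#' starts a comment, one MAC_ACTION = {ALLOW|DENY} line, and one bare
# 12-hex-digit MAC per line (no ':' or '-' separators).
ACTION_RE = re.compile(r"^MAC_ACTION\s*=\s*\{(ALLOW|DENY)\}$")
MAC_RE = re.compile(r"^[0-9A-Fa-f]{12}$")


def lint_maclist(text):
    """Return (action, macs, problems) for the contents of a MAC list file."""
    action, macs, problems = None, [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop whole-line and trailing comments
        if not line:
            continue
        m = ACTION_RE.match(line)
        if m:
            if action is not None:
                problems.append(f"line {lineno}: MAC_ACTION set more than once")
            action = m.group(1)
        elif line.upper().startswith("MAC_ACTION"):
            problems.append(f"line {lineno}: malformed MAC_ACTION: {line!r}")
        elif MAC_RE.match(line):
            mac = line.lower()
            if mac in macs:
                problems.append(f"line {lineno}: duplicate MAC {mac}")
            else:
                macs.append(mac)
        else:
            problems.append(f"line {lineno}: not a bare 12-hex-digit MAC: {line!r}")
    if action is None:
        problems.append("no valid MAC_ACTION line found")
    elif action == "ALLOW" and not macs:
        problems.append("ALLOW with an empty list: no client would be served")
    return action, macs, problems


# Constructed sample: the DENY file from this page with one entry using separators.
SAMPLE = """#MACList.txt
MAC_ACTION = {DENY}
#List of MAC Addresses:
000a0c0d1254 #notation about MAC address
00:0d:0c:4a:67:23 #separators are not accepted
"""

if __name__ == "__main__":
    action, macs, problems = lint_maclist(SAMPLE)
    print("action:", action, "| entries:", len(macs))
    for p in problems:
        print("PROBLEM:", p)
```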

These are located here:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters

I left these alone but had to look at the registry keys in order to find the correct paths to the text file and error logs as the documentation has different paths listed.

Once I made sure all that was settled I stopped and started the DHCP server and popped over to the Event Viewer to look for the 1033 event.

And here’s a screenshot of the magic event:
