Deny IP from Server2003 DHCP based on Vendor ID

    Question

  • Hi

    How can I deny to offer an IP to a DHCP request when the request is from a device with a certain Vendor class ID (DHCP option 60)?

    I have some devices that should get their IP from a Linux DHCP server instead of from the Server2003. The Linux DHCP server has been configured to only give IPs when a certain Vendor class ID matches.

    I now need the opposite on the Server2003, i.e. to not give an IP out on these Vendor classes.

    How can I set that up in the Server 2003?

    Thanks

    Franz

     

    Friday, March 18, 2011 1:24 PM

All replies

  • Hello,

    please see:

    http://blogs.technet.com/b/teamdhcp/archive/2007/10/03/dhcp-server-callout-dll-for-mac-address-based-filtering.aspx


    Best regards, Meinolf Weber. Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Monday, March 21, 2011 9:45 AM
  • Hi Franz,

     

          A DHCP client obtains its IP from the first DHCP server's successful response, however the DHCP response is denied, failed, or delayed.

          For Win2003, you could configure the vendor class DHCP scope with no IP available, with all of this scope's IPs already used and reserved. The DHCP client will fail to obtain an IP from Win2003 and gain an IP from the Linux server.

     

    How to Create a New DHCP User or Vendor Class

    http://support.microsoft.com/kb/240247

     

    Vendor Class Identifier

    http://technet.microsoft.com/en-us/library/cc782411(WS.10).aspx

     

          For Win2008, you could configure the DHCP scope delay configuration so that your Linux DHCP server sends its DHCP response first.

          Or use a Callout DLL tool to deny DHCP function by vendor class.

     

    How Do We Configure DHCP Scope Subnet Delay Using Netsh Command

    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/38c86b36-53ac-4af9-8d3b-ad91478dd939

     

     

    Option based IP Address assignment Callout Dll

    http://blogs.technet.com/b/teamdhcp/archive/2009/06/12/option-based-ip-address-assignment-callout-dll.aspx

     


    Regards, Rick Tan
    Monday, March 21, 2011 9:56 AM
    Moderator
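
    The decision a vendor-class filter like the one discussed above has to make, as an added example that is not part of the original thread and not the callout DLL's own code: find option 60 in the raw DHCP message and stay silent when it starts with a denied prefix. The function names, the sample builder and the "ExampleVendor" string are hypothetical, and the Windows callout API itself is not used.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define OPTIONS_OFFSET 240          /* 236-byte BOOTP header + 4-byte magic cookie */
#define OPT_VENDOR_CLASS_ID 60
static const uint8_t COOKIE[4] = {0x63, 0x82, 0x53, 0x63};

/* Locate option 60. Returns a pointer into pkt and sets *out_len, or NULL if absent/malformed. */
static const uint8_t *find_vendor_class(const uint8_t *pkt, size_t n, size_t *out_len)
{
    if (n < OPTIONS_OFFSET || memcmp(pkt + 236, COOKIE, 4) != 0) return NULL;
    size_t i = OPTIONS_OFFSET;
    while (i < n) {
        uint8_t code = pkt[i++];
        if (code == 0) continue;               /* pad: single byte, no length */
        if (code == 255) break;                /* end of options */
        if (i >= n) return NULL;               /* length byte missing */
        size_t len = pkt[i++];
        if (len > n - i) return NULL;          /* option runs past the buffer */
        if (code == OPT_VENDOR_CLASS_ID) { *out_len = len; return pkt + i; }
        i += len;
    }
    return NULL;
}

/* Policy decision: 1 = stay silent so the other server answers, 0 = serve. */
int should_ignore_request(const uint8_t *pkt, size_t n, const char *denied_prefix)
{
    size_t vlen = 0, plen = strlen(denied_prefix);
    const uint8_t *v = find_vendor_class(pkt, n, &vlen);
    return v != NULL && vlen >= plen && memcmp(v, denied_prefix, plen) == 0;
}

/* Constructed sample input: minimal DHCPDISCOVER, option 60 added if vendor != NULL. */
size_t build_sample(uint8_t *buf, size_t cap, const char *vendor)
{
    size_t vlen = vendor ? strlen(vendor) : 0, i = OPTIONS_OFFSET;
    if (vlen > 255 || cap < i + 3 + 2 + vlen + 1) return 0;
    memset(buf, 0, cap);
    buf[0] = 1;                                /* op = BOOTREQUEST */
    memcpy(buf + 236, COOKIE, 4);
    buf[i++] = 53; buf[i++] = 1; buf[i++] = 1; /* message type = DHCPDISCOVER */
    if (vendor) {
        buf[i++] = OPT_VENDOR_CLASS_ID; buf[i++] = (uint8_t)vlen;
        memcpy(buf + i, vendor, vlen); i += vlen;
    }
    buf[i++] = 255;                            /* end option */
    return i;
}
```

    A message without option 60, or with a truncated options area, is served normally here; only an intact option 60 that matches the prefix is ignored.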
  • The Option based IP Address assignment Callout DLL would be what I need. Unfortunately, I am on Server 2003.

    I'll look into one of the other suggestions.

     

    Thanks

    Franz

    Thursday, April 14, 2011 3:14 PM
  • Looks like I need some more assistance.

    I could not find out how to tell a scope to be active for a certain Vendor Class only.

    If I get this correct, I should end up with two scopes. The one used by all our normal clients and a new one that is only to be used by the clients with a certain Vendor ID.

    How do I tell the scope which Vendor ID it should respond to or to which not?

    How do I create a scope that has no more (in fact no) IP addresses in it?

     

    Thanks for your help.

    Regards

    Franz

    Thursday, April 14, 2011 3:55 PM
  • Hi Franz,

         I recommend you upgrade Windows Server to 2008.

         In your case, the certain vendor class device is not a rogue device, and it could also be set up in Windows 2003 DHCP with a vendor class option.

    How do I tell the scope which Vendor ID it should respond to or to which not?

    Using an 802.1x secured wired network could deny the vendor ID, but not all devices support 802.1x and you also need to assign IPs to them by the Linux DHCP server.

    How do I create a scope that has no more (in fact no) IP addresses in it?

    Use DHCP with a normal scope, set up reservations for all clients, and set up an exclusion for all other unused IPs. It will cost more work time.

     

     

     


    Regards, Rick Tan
    Friday, April 15, 2011 2:13 AM
    Moderator
  • >I recommend you upgrade windows server to 2008.

    This is easier said than done. I can not just simply and quickly update our SBS2003.

     

    Thanks for trying to help anyway.

    Franz

     

    Friday, April 15, 2011 9:13 AM