Windows Dynamic DHCP and MAC address filtering

  • Question

  • We are segmenting our large network. Currently we have users on a single large scope/VLAN using Windows DHCP. We use Static DHCP with a single reservation (as we have one large scope). This has the one benefit in that the MAC address is registered once and can get IP and network connectivity from any building across the organisation.

    We now want to segment the network and we will have multiple scopes and IP helpers/relays. The problem is we want to continue to have flexibility of roaming across the segmented LAN but to register the MAC address only once. If a user is connected to one subnet then they should get an IP address; if they move to another part of the organisation then they need to get an IP address on the new subnet in a different scope (this can be dynamic).

    We want to implement some sort of Dynamic DHCP with MAC address filtering. A MAC is registered once but can obtain an IP address from multiple scopes within DHCP (depending on where connecting from). Is this possible in Windows DHCP or do we need to look at other solutions?

    Monday, September 4, 2017 7:43 PM

All replies

  • In other words ...

    Is there a feature in Windows DHCP that allows a MAC address to be registered once and then the device can pick up a dynamic IP address in multiple scopes (if scope allows) depending on what subnet the user connects to?

    Tuesday, September 5, 2017 6:02 AM
  • Hi ShepsterD,

    Please check if the following link is helpful:

    https://blogs.technet.microsoft.com/teamdhcp/2012/09/15/scope-level-link-layer-filtering-using-dhcp-policies-in-windows-server-2012/

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 5, 2017 9:21 AM
  • Hi Candy,

    Thanks for the response. Reading the link it looks like the policy is at a scope level.

    We will have multiple scopes (one for each subnet). I want to have a single policy that validates allowed MAC and then the device gets an IP from the appropriate scope - depending on the subnet the device is coming from.

    I want to avoid having to register devices in a policy for each scope.

    I believe this can be done with Linux ISC DHCP and a RADIUS server (repository of authorised MACs) - or you could implement other solutions like Cisco ISE. Was hoping that I could provide a basic service using our existing W2K12R2 DHCP server.

    Best Regards,

    ShepsterD

    Tuesday, September 5, 2017 11:07 AM
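
Added example, not posted by any participant in this thread: besides the scope-level policies in the linked article, Windows DHCP has a server-level link-layer allow list that applies to all IPv4 scopes on the server, so a MAC is registered once and the scope is still chosen by the subnet the request is relayed from. The server name and the sample registrations below are constructed placeholders.

```powershell
# Added example: register each MAC once in the server-wide allow list.
# Assumptions: $Server and the CSV rows are constructed placeholders.
Import-Module DhcpServer

$Server = 'dhcp01.example.org'   # hypothetical DHCP server name

# Constructed sample registrations; in practice load these with Import-Csv.
$registered = @'
MacAddress,Owner
00-11-22-33-44-55,Constructed laptop A
00:11:22:33:44:66,Constructed laptop B
0011.2233.4477,Constructed phone C
'@ | ConvertFrom-Csv

function ConvertTo-DhcpMac {
    param([string]$Mac)
    # Strip separators, require exactly 12 hex digits, return AA-BB-CC-DD-EE-FF.
    $hex = ($Mac -replace '[-:.\s]', '').ToUpper()
    if ($hex -notmatch '^[0-9A-F]{12}$') { throw "Invalid MAC address: $Mac" }
    $hex -replace '(..)(?!$)', '$1-'
}

# Entries already present in the server-level allow list.
$existing = @(Get-DhcpServerv4Filter -ComputerName $Server -List Allow |
    ForEach-Object { $_.MacAddress })

foreach ($row in $registered) {
    $mac = ConvertTo-DhcpMac $row.MacAddress
    if ($mac -notin $existing) {          # -notin compares case-insensitively
        Add-DhcpServerv4Filter -ComputerName $Server -List Allow `
            -MacAddress $mac -Description $row.Owner
    }
}

# Enable the allow list only once it is populated: while it is enabled,
# a client whose MAC is not listed gets no lease from any scope on this server.
if (@(Get-DhcpServerv4Filter -ComputerName $Server -List Allow).Count -gt 0) {
    Set-DhcpServerv4FilterList -ComputerName $Server -Allow $true
}

# Review the resulting state.
Get-DhcpServerv4FilterList -ComputerName $Server
```

The filter matches the hardware address the client presents in its DHCP request, so it works as a registration control rather than as device authentication.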
  • Hi ShepsterD,

    Sorry for the delayed response.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.

    Best Regards,

    Candy



    Friday, September 15, 2017 9:11 AM