DHCP Reservations and Exclusion

  • Question

  • I have a vlan set up for just Apple TV devices.  In the DHCP scope, I have created reservations for all of them.  But I want to block all dynamic allocation from that scope, so that only the designated devices get an IP.

    I originally set up an exclusion zone of the entire range.  But quickly found out that with no available addresses, DHCP won't even issue the IP for reserved devices.  So I then set up my exclusion zone to be just the addresses without reservations.  Same result.  DHCP is currently running on Server 2008 R2.  My last resort is to allow dynamic allocation and then just block those addresses at the firewall, but not desirable.

    How can I block all dynamic allocation from the scope? 

    Tuesday, December 27, 2016 4:20 PM

All replies

  • This can be achieved with the DHCP policies introduced in Windows Server 2012, maybe you can migrate the DHCP role to such a server if available?

    I would create a different IP subnet  and DHCP scope, enable the Allow filters if needed.  Add the MAC addresses of the clients you want to the filter.

    • Proposed as answer by John Lii Wednesday, December 28, 2016 2:25 AM
    Tuesday, December 27, 2016 5:08 PM
  • Based on my understanding you probably want to enable the Allow filter and add the MAC addresses of your devices in there.

    Have a look at this article which makes it more clear:

    https://technet.microsoft.com/en-us/library/ff521761.aspx

    Kind regards,

    Adrian


    • Edited by Adrian Takacs Tuesday, December 27, 2016 5:11 PM
    • Proposed as answer by Adrian Takacs Tuesday, December 27, 2016 5:11 PM
    • Unproposed as answer by Adrian Takacs Wednesday, December 28, 2016 10:24 AM
    Tuesday, December 27, 2016 5:10 PM
  • Hello,

    If it doesn't work, something else is wrong. Having reservations within an exclusion range is supported by a Microsoft DHCP server.


    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator

    Tuesday, December 27, 2016 5:39 PM
  • What is routing between your networks (vlans), and on what network segment is your DHCP located? By default DHCP traffic won't get routed outside its broadcast domain.


    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator

    Tuesday, December 27, 2016 5:43 PM
  • Hi Brozett,

    You could configure DHCP policy to block dynamic allocation as Adrian mentioned.

    For the reservations issue, you need to ensure DHCP functions properly first, and then add reservations for your devices.

    To ensure DHCP functions properly, please check whether a DHCP broadcast packet has been sent, and ensure DHCP and the device are in the same LAN.

    You could check link below to deploy DHCP reservations:

    Add a Client Reservation

    https://technet.microsoft.com/en-us/library/dd183670(v=ws.10).aspx

    Best Regards

    John


    Wednesday, December 28, 2016 2:25 AM
  • There is nothing wrong with his first approach. Simply choosing another option won't remove any potential issues with his dhcp server?


    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator

    Wednesday, December 28, 2016 2:35 AM
  • Our network is structured with each building on a separate vlan, with a L3 switch at each using an IP helper-address pointer to the DHCP server which sits in a separate server vlan.  Each scope has a pool of 1k, with the first 254 excluded and all reservations are within the zone.  The three bigger schools have larger pools, but the exclusion is still 254.  This has been in place for years. And because of this structure, I can't use the Allow filter as suggested.

    I've added the new vlan in the building with the Apple TVs.  I tested both dynamic and reservations and they work fine.  When I set the exclusion zone to be the same extent as the address pool, the scope reports zero available addresses and stops issuing, even reservations.  If I drop the size of the exclusion zone, both reservations and dynamic work again.  I also tried setting the zone to be all addresses without a reservation and got the same result.

    My objective is to issue IPs to only the Apple TVs and exclude all other addresses in the pool.  Trying to keep students from connecting to the AV SSID because it has reduced filtering.


    • Edited by brozett Wednesday, December 28, 2016 9:04 AM
    Wednesday, December 28, 2016 8:59 AM
  • That is a normal behavior and not just on the Windows Server but on any DHCP server.  The IP addresses you have excluded will never be allocated by the same DHCP server.

    The MAC filtering is set at server level, it will affect all other scopes.

    You will need another DHCP server or you will have to migrate this role to Server 2012 and create a policy.

    • Marked as answer by brozett Wednesday, December 28, 2016 2:24 PM
    Wednesday, December 28, 2016 10:23 AM
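
    The policy route mentioned in the answer above, sketched as an added example (not code from any poster in this thread). It assumes the DHCP role on Server 2012 or later with the DhcpServer PowerShell module; the scope, address range, policy name and MAC addresses are constructed placeholders.

```powershell
# Added example. All values below are constructed placeholders, not from the thread.
$ScopeId    = '192.0.2.0'       # placeholder scope for the Apple TV vlan
$StartRange = '192.0.2.1'       # placeholder: first address of the scope's pool
$EndRange   = '192.0.2.254'     # placeholder: last address of the scope's pool
$PolicyName = 'AppleTV-Only'    # hypothetical policy name

# Constructed device list: MAC address and the address reserved for it.
$Devices = @(
    @{ Mac = '02-00-00-00-00-01'; IP = '192.0.2.11'; Name = 'AppleTV-Room101' },
    @{ Mac = '02-00-00-00-00-02'; IP = '192.0.2.12'; Name = 'AppleTV-Room102' }
)

# 1. One reservation per known device.
foreach ($d in $Devices) {
    Add-DhcpServerv4Reservation -ScopeId $ScopeId -IPAddress $d.IP `
        -ClientId $d.Mac -Name $d.Name
}

# 2. Scope-level policy that matches only the listed MAC addresses.
#    The first array element is the operator, the rest are the values.
$macCondition = @('EQ') + ($Devices | ForEach-Object { $_.Mac })
Add-DhcpServerv4Policy -Name $PolicyName -ScopeId $ScopeId `
    -Condition OR -MacAddress $macCondition

# 3. Assign the whole pool to the policy. Clients that match no policy are
#    leased only from addresses outside every policy range, so with the full
#    pool claimed here there is nothing left to hand out dynamically.
Add-DhcpServerv4PolicyIPRange -Name $PolicyName -ScopeId $ScopeId `
    -StartRange $StartRange -EndRange $EndRange

# 4. Review the result. Unlike the server-level Allow filter, the policy is
#    bound to this one scope and leaves the other scopes untouched.
Get-DhcpServerv4Policy -ScopeId $ScopeId
Get-DhcpServerv4Reservation -ScopeId $ScopeId
Get-DhcpServerv4ScopeStatistics -ScopeId $ScopeId
```

    MAC matching identifies a device by a value the client itself reports, so this keeps unlisted clients from getting a lease but is not authentication; a firewall rule or network access control on the vlan is still the enforcement point.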
  • I don't understand. Maybe I'm talking about the wrong thing, but when you say 'exclusion zone' do you mean 'IP addresses excluded from distribution' in the address pool?

    If that's the case, those two pictures above clearly state addresses will be provided to a client with a MAC reservation, even if there are no 'free' addresses left.


    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator

    Wednesday, December 28, 2016 2:07 PM
  • Jesper, you understand correctly.  I am trying to exclude distribution of any address that is not reserved.  I don't know if those pictures were taken from a Server 2008 R2 based DHCP or not, but my server will not distribute any address (even a reserved address) if the number of available addresses in the scope is zero.
    Wednesday, December 28, 2016 2:24 PM
  • I have a new Server 2012 R2 VM created, I just need to migrate my existing DHCP data to the new server.  Maybe I can get it done while the kids are off for Christmas break.
    Wednesday, December 28, 2016 2:29 PM
  • Oki,

    No, it's a Server 2012 R2, so there might be a difference. I do get errors in the log saying that an IP request was denied due to no IPs left, but as soon as the reservation is in place, it works.

    If you go for 2012 R2 it should be straightforward to migrate. I'll have a look on 2008 R2, it's a noticeable difference, if that scenario isn't supported :)


    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator

    Wednesday, December 28, 2016 2:47 PM