locked
Securing DHCP RRS feed

  • Question

  • Hi.

    Please advise how one goes about setting up a secured dhcp hand out.

    My issue is that i have over 150 client computers which require dhcp assignments,but at the same time i want to block unauthorised pc's on the network from obtaining an IP address.

    Is there a way where the authorised Pc requests an IP address from the microsoft DHCP server  and thru DHCP one can acknowlege the request, in doing so will put this pc's name or mac address automatically in a "safe group" that will allow it to obtain a free IP from the Pool going forward?

     

    My base is windows 2003 domain controller and currently running Linux DHCP doing mac filtering with +- 150 clients....looking to move to Microsoft DHCP if security is offered.

    thanks

     

     

    Wednesday, November 16, 2011 10:26 PM

Answers

  • Hi,

     

    Thanks for posting here.

     

    Based on my knowledge, DHCP server cannot authorize PC automatically. As a workaround, we can download the Callout DLL for MAC address filtering. With this component, we can set the following rules to filter MAC address:

    1. Allow Machines only belonging to set of MAC addresses to get IP address from DHCP server.

    2. Deny Machines belonging to set of MAC addresses from getting IP address from DHCP server.

     

    For more detailed information about MAC Address based filtering function, please check the following article and download the MacFilterCalloutInstaller.zip file:

     

    DHCP Server Callout DLL for MAC Address based filtering

    http://blogs.technet.com/b/teamdhcp/archive/2007/10/03/dhcp-server-callout-dll-for-mac-address-based-filtering.aspx

     

    Best Regards,

    Aiden

    • Marked as answer by Aiden_Cao Friday, November 25, 2011 3:09 AM
    Thursday, November 17, 2011 11:16 AM
  • بسم الله الرحمن الرحيم

    i agree with Aiden_cao for winows server 2003 but we can do this in windows server 2008r2 DHCP consol from DHCP- Server name - IPV4 - Filters - Allow or Deny with MAC adderss


    Mohamed Abd Elhamid Abd Elaziz Microsoft System Administrator Abdul Samad Al Qurashi Co. My blog: http://Mabdelhamid.wordpress.com/
    • Marked as answer by Aiden_Cao Friday, November 25, 2011 3:09 AM
    Thursday, November 17, 2011 11:25 AM

All replies

  • Hi,

     

    Thanks for posting here.

     

    Based on my knowledge, DHCP server cannot authorize PC automatically. As a workaround, we can download the Callout DLL for MAC address filtering. With this component, we can set the following rules to filter MAC address:

    1. Allow Machines only belonging to set of MAC addresses to get IP address from DHCP server.

    2. Deny Machines belonging to set of MAC addresses from getting IP address from DHCP server.

     

    For more detailed information about MAC Address based filtering function, please check the following article and download the MacFilterCalloutInstaller.zip file:

     

    DHCP Server Callout DLL for MAC Address based filtering

    http://blogs.technet.com/b/teamdhcp/archive/2007/10/03/dhcp-server-callout-dll-for-mac-address-based-filtering.aspx

     

    Best Regards,

    Aiden

    • Marked as answer by Aiden_Cao Friday, November 25, 2011 3:09 AM
    Thursday, November 17, 2011 11:16 AM
  • بسم الله الرحمن الرحيم

    i agree with Aiden_cao for winows server 2003 but we can do this in windows server 2008r2 DHCP consol from DHCP- Server name - IPV4 - Filters - Allow or Deny with MAC adderss


    Mohamed Abd Elhamid Abd Elaziz Microsoft System Administrator Abdul Samad Al Qurashi Co. My blog: http://Mabdelhamid.wordpress.com/
    • Marked as answer by Aiden_Cao Friday, November 25, 2011 3:09 AM
    Thursday, November 17, 2011 11:25 AM