DHCP Filter RRS feed

  • Question

  • Hi!

    We need to deny some devices in our DHCP but even after enabling the DHCP Deny Filter and adding the MAC Address to Deny filter clients are still able to get the IP addresses. We tried this on both Windows 2008 R2 and Windows 2012.

    Any Suggestions?


    Thursday, March 24, 2016 9:15 AM


All replies

  • Make sure that the lease time is not too long, so that the clients just use their "old" lease before you configured the deny list (do a ipconfig /release & ipconfig /renew on one of the denied clients). (Take a look into your DHCP Log file)

    also, make sure your deny policy is ENABLED on the DHCP Server.


    Gregor Stefka


    Businessprocessautomation with the EWS SQL Interface SQLExchangeSync

    Thursday, March 24, 2016 12:54 PM
  • Run ipconfig /renew on device you denied and check again.

    For the config, I have documented it here so make sure you are doing it properly:

    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK

    My Website Link

    My Linkedin Profile

    My MVP Profile

    Friday, March 25, 2016 12:54 AM
  • Hi!

    You could try to run the BPA associated with DHCP an see if there is something we've missed. Under normal conditions it works flawless but it might depend on certain aspects that we currently don't know but we will find them out. 

    Make sure that you are not filtering any reserved ip addresses.

    You also might want to try the reverse if it's not to much effort, create an Allow list and then the Deny list should be populated.

    Also there is a Step by Step guide to demonstrating DHCP filtering in a lab/test enviroment :

    In addition,it could bypass this MAC filter by using MAC spoofing or setting a different MAC address.

      Best Regards,


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact

    Friday, March 25, 2016 2:38 AM