none
DHCP Filter RRS feed

  • Question

  • Hi!

    We need to deny some devices in our DHCP but even after enabling the DHCP Deny Filter and adding the MAC Address to Deny filter clients are still able to get the IP addresses. We tried this on both Windows 2008 R2 and Windows 2012.

    Any Suggestions?

    Thanks.

    Thursday, March 24, 2016 9:15 AM

Answers

All replies

  • Make sure that the lease time is not too long, so that the clients just use their "old" lease before you configured the deny list (do a ipconfig /release & ipconfig /renew on one of the denied clients). (Take a look into your DHCP Log file)

    also, make sure your deny policy is ENABLED on the DHCP Server.

    hth

    Gregor Stefka

    --

    Businessprocessautomation with the EWS SQL Interface SQLExchangeSync

    Thursday, March 24, 2016 12:54 PM
  • Run ipconfig /renew on device you denied and check again.

    For the config, I have documented it here so make sure you are doing it properly: http://social.technet.microsoft.com/wiki/contents/articles/25665.how-to-enable-and-configure-dhcp-mac-address-filtering.aspx


    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK

    My Website Link

    My Linkedin Profile

    My MVP Profile

    Friday, March 25, 2016 12:54 AM
  • Hi!

    You could try to run the BPA associated with DHCP an see if there is something we've missed. Under normal conditions it works flawless but it might depend on certain aspects that we currently don't know but we will find them out. 

    Make sure that you are not filtering any reserved ip addresses.http://technet.microsoft.com/en-us/library/ee941155(WS.10).aspx.

    You also might want to try the reverse if it's not to much effort, create an Allow list and then the Deny list should be populated. 

    http://technet.microsoft.com/en-us/library/ee956897(WS.10).aspx

    Also there is a Step by Step guide to demonstrating DHCP filtering in a lab/test enviroment : http://technet.microsoft.com/en-us/library/ee405265(WS.10).aspx

    In addition,it could bypass this MAC filter by using MAC spoofing or setting a different MAC address.

      Best Regards,

    Cartman

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, March 25, 2016 2:38 AM