By Default Windows Server 2003 DHCP hasn't got any ability to filter client mac address. HKLM\System\ControlSet001\Services\DHCPServer\Parameters\ In the right pane check for registry keys stated in the picture below. You should Restart DHCP Server service every time you change MACList.txt
To enable this function you should install "MAC Filter Callout" third party tool to enable this feature.
You can download this tool from the link below.
Download
After downloading. Install it on your DHCP Server. And Restart DHCP Server service from services console. After installation check for registry keys for macfiltercallout.
CalloutEnabled (DWORD) value = 1 (Enable) 0(Disable)
CalloutErrorLogFile = Indicating the place of Error Log file
CalloutInfoLogFile = Indicating the place of Information Log file
CalloutMACAddressListFile = Indicating the place of file that will be used for allowing or denying MAC Address
MAC Filtering
Locate and open the MACList.txt file. This file can be used for one purpose at a time.(Allowing or Denying)
For using allowing purpose first line in the file should be like MAC_ACTION={allow} (Devices that have these MAC addresses will be allowed other will be denied to get IP Address from DHCP Server)
For using denying purpose first line in the file should be like MAC_ACTION={deny}
MAC Address should be written in Lowercase.
Friday, April 3, 2009
Windows DHCP Server MAC Filtering
Subscribe to:
Post Comments (Atom)
How do you remove this after installing it?
ReplyDeleteYou can stop this function by setting the value of CalloutEnable key to 0(zero)that is under HKLM\System\ControlSet001\Services\DHCPServer\Parameters\ and then restart DHCP service.
ReplyDeleteDear sir,
ReplyDeleteI just tested to see if my phone can connect to my server's AP (DHCP, File, Print, Web, DNS, and Domain Controller Server with Windows Deployment [OS installation over the network]) with only my PSP's MAC address in the MAC_ACTION={ALLOW} and my phone didn't connect due to the filter being implemented, then I added my phone's MAC address on the list, and connects. Thanks for this great tutorial. My Server is being used as an AP because my DS and DS Lite only support WEP and Open Security while my PSP supports None, WEP, WPA-PSK (AES or TKIP [TKIP only works]), and my phone supports every security: None, WEP, 802.1X/EAP, WPA/WPA2-PSK (AES, TKIP, or both). I'm only using WEP with the MAC filtering, of course. Now, time to add my DS and DS Lite to my server's MAC List.