Friday, April 3, 2009

Windows DHCP Server MAC Filtering

By Default Windows Server 2003 DHCP hasn't got any ability to filter client mac address.

To enable this function you should install "MAC Filter Callout" third party tool to enable this feature.
You can download this tool from the link below.

Download

After downloading. Install it on your DHCP Server. And Restart DHCP Server service from services console. After installation check for registry keys for macfiltercallout.

HKLM\System\ControlSet001\Services\DHCPServer\Parameters\


In the right pane check for registry keys stated in the picture below.






CalloutEnabled (DWORD) value = 1 (Enable) 0(Disable)

CalloutErrorLogFile = Indicating the place of Error Log file

CalloutInfoLogFile = Indicating the place of Information Log file

CalloutMACAddressListFile = Indicating the place of file that will be used for allowing or denying MAC Address


MAC Filtering



Locate and open the MACList.txt file. This file can be used for one purpose at a time.(Allowing or Denying)



For using allowing purpose first line in the file should be like MAC_ACTION={allow} (Devices that have these MAC addresses will be allowed other will be denied to get IP Address from DHCP Server)



For using denying purpose first line in the file should be like MAC_ACTION={deny}


MAC Address should be written in Lowercase.



You should Restart DHCP Server service every time you change MACList.txt






3 comments:

  1. How do you remove this after installing it?

    ReplyDelete
  2. You can stop this function by setting the value of CalloutEnable key to 0(zero)that is under HKLM\System\ControlSet001\Services\DHCPServer\Parameters\ and then restart DHCP service.

    ReplyDelete
  3. Dear sir,
    I just tested to see if my phone can connect to my server's AP (DHCP, File, Print, Web, DNS, and Domain Controller Server with Windows Deployment [OS installation over the network]) with only my PSP's MAC address in the MAC_ACTION={ALLOW} and my phone didn't connect due to the filter being implemented, then I added my phone's MAC address on the list, and connects. Thanks for this great tutorial. My Server is being used as an AP because my DS and DS Lite only support WEP and Open Security while my PSP supports None, WEP, WPA-PSK (AES or TKIP [TKIP only works]), and my phone supports every security: None, WEP, 802.1X/EAP, WPA/WPA2-PSK (AES, TKIP, or both). I'm only using WEP with the MAC filtering, of course. Now, time to add my DS and DS Lite to my server's MAC List.

    ReplyDelete

 
span.fullpost {display:inline;}