Windows Server 2008 Thread, MAC address filtering in DHCP in Technical
  1. #1
    lafleur1977

    MAC address filtering in DHCP

    Hello,

    I am trying to stop users from connecting their personal devices to the network, as every time they do they are given a DHCP lease. We disconnect unused network ports but some users use the active network ports or wireless network. For the wireless I can probably deny MAC addresses on our WLAN controller but I am looking for a more effective method if possible.

    The DHCP server runs Windows Server 2008 and I am aware that R2 has MAC filtering built into DHCP. I have been looking at the DHCP Server Callout DLL for MAC Address based filtering (DHCP Server Callout DLL for MAC Address based filtering - Microsoft Windows DHCP Team Blog - Site Home - TechNet Blogs) but have not been able to get this to work successfully using the following syntax:

    #MACList.txt
    MAC_ACTION = {DENY}
    #List of MAC Adresses:
    0014858b482e #PCNAME

    Anyone know where I may be going wrong or of any alternatives?

    Thanks
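
Added example, not part of the original thread and not Microsoft's code: a small Python checker for a file in the MACList.txt layout quoted above, which also shows what each MAC_ACTION mode means for a device that is not on the list. It assumes that ALLOW serves only listed MACs, that DENY blocks only listed MACs, and that entries are bare 12-hex-digit strings as in the post; the function names and the second sample entry are made up for illustration.

```python
import re

# Constructed sample: the file from the post plus one entry with separators.
SAMPLE = """\
#MACList.txt
MAC_ACTION = {DENY}
#List of MAC Adresses:
0014858b482e #PCNAME
00-11-22-33-44-55 #constructed entry
"""

ACTION_RE = re.compile(r"^MAC_ACTION\s*=\s*\{(ALLOW|DENY)\}$", re.IGNORECASE)
MAC_RE = re.compile(r"^[0-9a-f]{12}$", re.IGNORECASE)


def normalize_mac(text):
    """Lower-case a MAC and strip ':', '-' and '.' separators."""
    return re.sub(r"[:.\-]", "", text.strip().lower())


def parse_maclist(text):
    """Return (action, macs, problems) for a MACList.txt-style file."""
    action, macs, problems = None, set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        match = ACTION_RE.match(line)
        if match:
            action = match.group(1).upper()
        elif MAC_RE.match(line):
            macs.add(line.lower())
        elif MAC_RE.match(normalize_mac(line)):
            # Assumption: the file wants bare hex digits, as in the post.
            problems.append((lineno, "MAC written with separators: " + line))
        else:
            problems.append((lineno, "unrecognised line: " + line))
    if action is None:
        problems.append((0, "no MAC_ACTION line found"))
    return action, macs, problems


def lease_allowed(action, macs, client_mac):
    """ALLOW serves only listed MACs; DENY serves every MAC not listed."""
    listed = normalize_mac(client_mac) in macs
    return listed if action == "ALLOW" else not listed
```

Under these assumptions a DENY list only blocks devices whose MAC is already known, so an unlisted personal device is still served; only ALLOW mode makes the list an inventory of permitted machines.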

  2. #2

    Geoff
    This is the wrong tool for this job. You need to use network access control. You have two options.

    1) Use 802.1X on your network. This requires your switches supporting it, plus some retooling of your DC(s) to support RADIUS and certificate services.
    2) Use some sort of network server to control the network access. I have used PacketFence in the past successfully. No doubt other edugeekers can offer alternatives.

  3. Thanks to Geoff from:

    lafleur1977 (19th October 2011)

  4. #3
    lafleur1977
    We actually use Network Policy Server and RADIUS to authenticate wireless devices but have struggled with non-network devices which come up with a certificate error when trying to connect. All inherited and I am new to NPS/RADIUS/certificate services. I can see how this would be better in that the device would require the certificate to gain access to the network.

    Thanks for your reply.

  5. #4

    Use DHCP NAP. Create a rule denying by MAC, then allowing by MAC, then allowing if the computer account can be found in AD.

  6. Thanks to strawberry from:

    lafleur1977 (19th October 2011)
