Microsoft Windows DDI Team Blog

Windows Server DNS, DHCP and IPAM solution!

DHCP Server Callout DLL for MAC Address based filtering

DHCP Server Callout DLL for MAC Address based filtering

  • Comments 304
  • Likes

DHCP Server team is excited to announce that the much appreciated and loved feature, MAC Address based filtering, (previously provided by this callout dll) is now a part of Windows Server 2008 R2 DHCP Server. Check out the blog.        The MAC Address filtering feature in Windows Server 2008 R2,   has provision for both Allow and Deny lists, with provision for wild-cards.        The Allow and Deny lists,  can be managed from within the DHCP MMC.


The current callout DLL shall no longer be available after December 15, 2010.


Team Networking


This DHCP Server Callout DLL helps administrator to filter out DHCP Requests to DHCP Server based on MAC Address.  When a device or computer tries to connect to network, it shall first try to obtain ip address from DHCP Server. DHCP Server Callout DLL checks if this device MAC address is present in known list of MAC addresses configured by administrators. If it is present, device shall be allowed to obtain ip address or device requests shall be ignored based on action configured by administrator.

MAC address based filtering will allow network administrators to ensure that only know set of devices in the system are able get ip address from DHCP Server.  This DLL will help administrators to enforce additional security into network.

This callout DLL will help user in solving either of the following problems

1.       Allow Machines only belonging to set of MAC addresses to get ip address from DHCP Server.

2.       Deny Machines belonging to set of MAC addresses from getting ip address from this server.

This callout DLL shall work on Windows 2003 Server and Windows 2008 Server.

The usage is pretty simple and explained in the setup document along with the tool.

Both the dll (MacFilterCallout.dll) and the Setup document (SetupDHCPMacFilter.rtf) are copied on to %SystemRoot%\system32 folder after installation.

Updates done since initial version:

    1. Support for 32 bit and 64 bit OSs : Works on Windows 2003 and Windows 2008 Server
    2. Ease of setup : You do not have to copy the DLLs to obscure locations or edit the registry entries.    The installer copies the files into the appropriate locations and makes the necessary registry changes.
    3. Improved documentation :  Better documentation, along with a sample file.
    You can now specify upper case MAC addresses in the config file

  1. You can now check out the information log file, for information on what all addresses were allowed/denied, while the DHCP server service is running.

 Known Issue:

  1. This callout dll may not work on localized builds (non english builds).

Raunak Pandya

DHCP Server Team


We thank our users, for your patronage of the Server Callout DLL.     The DHCP team is interested in obtaining your feedback,   on this utility.   Please contact us at msnetworkteam_AT_live_DOT_com,   if you are willing to share your experiences and help us improve our products.



  • It's very cool, but where is the setup document exactly?

  • The setup document is extracted in the same folder where u install the dll from the msi package..

    Raunak Pandya

    DHCP Server Team

  • Uhhh, and where is this folder? Through install (on w2k3 r2) I can't choose the target folder, and sorry, but I don't find any files, but only a MacFilterCallout.dll in System32...

  • Hey.. You dont get an option to select the target folder while installing.. By default both the callout dll and the setup document are extracted in the system32 folder.. I dont remember the name of the setup document ( word file) but its something like SetupMacCalloutFilter.doc

    Raunak Pandya

    DHCP Server Team

  • Thank you for your help, the exact file name is SetupDHCPMacFilter.rtf.

  • I cant seem to find the correct configuration file syntax.

    I have a file named DHCPMACFILTER.TXT, have specified its full pathname in the relevant registry key (in Parameters like said above, Win2k3 here) and inside has 2 lines:



    The error file says that "File format not proper" and the info files that the DHCP server has started.

    If I remove the MAC address and leave only the MAC_ACTION line then I get again "File format not proper" in the error file, but now the info file has:

    The DHCP server has successfully started.

    Thu Oct 18 13:54:52 2007 0018f3047478 Allow

    Please advice further...


  • Try using the syntax MAC_ACTION={ALLOW} or MAC_ACTION={DENY}

    Let me know if u still face problem..

    Raunak Pandya

    DHCP Server Team

  • i cant see any logs 1033 from the event viewer.

  • Thanks for your answer, it works perfectly.

    Gee... never thought the curly brackets where part of the syntax as their usual meaning is to specify the set of disticnt values allowed.

    Anyway, thanks again, very useful addon.

  • Hey akira

    If u dont see any 1033 log in the event viewer.. It means your callout dll has not been correctly loaded. Please see tht you are following the setup instructions carefully. And NOTE: while creating keys in registry.. You have to create it under: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters

    Please let me know if you still face problems..

    Raunak Pandya

    DHCP Server Team

  • This is a feature I have been waiting for way too long. Up until today if you wanted to have some control

  • This is a feature I have been waiting for way too long. Up until today if you wanted to have some control

  • What about classifying a device (VOIP phone) so that it's thrown into a separate range of IP addresses like ISC DHCP allows for?

    I can classify my phones (all NEC) based on the first three parts of the MAC ID so that they're assigned IP's in the 10.30.15 range, but never into 10.30.13 or 10.30.14.

    This is a VERY DESIRED feature that isn't addressed anywhere in the DHCP services.

  • This seems to be nearly what we need for our application, but is it possible to use a range of MAC addresses?

    For example we have a range of addresses for an embedded system, and we want to use DHCP for assigning an IP address, without interferance with the our office network.

    Something like following will solve this :



    Thanks in advance


  • This all sounds great, but I wish that instead of doing this:







    I could do this:



    That way I could permit DHCP to any vendor specific device and deny DHCP to all others without having to make periodic changes to the MAC list and worry about stopping/starting the service.  We have 3000+ devices (all from one vendor) that we want to get DHCP while not allowing it for anything else.  Anyone know if this will work?

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment