Microsoft Windows DHCP Team Blog

The world's most deployed DHCP Server! Deploy and discuss about your fav. server, here!

DHCP Server Callout DLL for MAC Address based filtering

DHCP Server Callout DLL for MAC Address based filtering

  • Comments 303
  • Likes

DHCP Server team is excited to announce that the much appreciated and loved feature, MAC Address based filtering, (previously provided by this callout dll) is now a part of Windows Server 2008 R2 DHCP Server. Check out the blog.        The MAC Address filtering feature in Windows Server 2008 R2,   has provision for both Allow and Deny lists, with provision for wild-cards.        The Allow and Deny lists,  can be managed from within the DHCP MMC.

 

The current callout DLL shall no longer be available after December 15, 2010.

 

Ajay
Team Networking

 

This DHCP Server Callout DLL helps administrator to filter out DHCP Requests to DHCP Server based on MAC Address.  When a device or computer tries to connect to network, it shall first try to obtain ip address from DHCP Server. DHCP Server Callout DLL checks if this device MAC address is present in known list of MAC addresses configured by administrators. If it is present, device shall be allowed to obtain ip address or device requests shall be ignored based on action configured by administrator.

MAC address based filtering will allow network administrators to ensure that only know set of devices in the system are able get ip address from DHCP Server.  This DLL will help administrators to enforce additional security into network.

This callout DLL will help user in solving either of the following problems

1.       Allow Machines only belonging to set of MAC addresses to get ip address from DHCP Server.

2.       Deny Machines belonging to set of MAC addresses from getting ip address from this server.

This callout DLL shall work on Windows 2003 Server and Windows 2008 Server.

The usage is pretty simple and explained in the setup document along with the tool.

Both the dll (MacFilterCallout.dll) and the Setup document (SetupDHCPMacFilter.rtf) are copied on to %SystemRoot%\system32 folder after installation.

Updates done since initial version:

    1. Support for 32 bit and 64 bit OSs : Works on Windows 2003 and Windows 2008 Server
    2. Ease of setup : You do not have to copy the DLLs to obscure locations or edit the registry entries.    The installer copies the files into the appropriate locations and makes the necessary registry changes.
    3. Improved documentation :  Better documentation, along with a sample file.
    You can now specify upper case MAC addresses in the config file

  1. You can now check out the information log file, for information on what all addresses were allowed/denied, while the DHCP server service is running.

 Known Issue:

  1. This callout dll may not work on localized builds (non english builds).

Raunak Pandya

DHCP Server Team

 

We thank our users, for your patronage of the Server Callout DLL.     The DHCP team is interested in obtaining your feedback,   on this utility.   Please contact us at msnetworkteam_AT_live_DOT_com,   if you are willing to share your experiences and help us improve our products.

Ajay
Team DHCP

 

Attachment: MacFilterCalloutInstaller.zip
Comments
  • Hi!

    This looks great, I wish I could make it work.. I have set the values, and it all looks good. The filter file maclist.txt looks like this:

    MAC_ACTION={DENY}

    000742a72dea

    the log says

    Thu Oct 18 13:54:52 2007 000742a72dea Allow

    the error file says

    file format not proper

    It looks like same error as above, but I have the {}, I have tried to add/remove spaces around =, but no luck. Text encoding is ANSI, I have tried UTF-8, but I guess this shouldnt make a diffecence. Where do I go from here?

    Tor Arne Pedersen

  • Hope you specifying the file path correctly in the registry. And also strictly take care of all the following guidelines. It should work..

    • First line in the file should specify the action. Action can be either ALLOW or DENY

    o When action is specified as ALLOW, all requests from MAC address present in this list will be served by dhcp servers. All requests originating from MAC address not present in this list will be ignored.

    o When action is specified as DENY, all request from MAC address present in the list will be ignored by dhcp servers. All requests from MAC addresses not present in this list will be severed by dhcp server.

    o Only one action out of ALLOW or DENY can be specified in MAC Address List File

    • MAC address should be specified in format XXXXXXXXXXXX (where X can be hex digit 0 - F).There should not any delimiter such as -,  : in MAC address.  Each MAC address should be specified in separate line.

    Let me know if u still face the issue.

  • I redid it all, and it worked perfectly. Thanks for this tool. I wonder how I can make IPs be leased forewer, I guess callout.dll could do this.

  • Is the Callout filtering can support wildcard if I want to deny all as to 101010 beginning MAC addresses?

  • As of now the callout dll doesn't support wildcards.

    Raunak Pandya

    DHCP Server Team

  • I would like to know that Infolog files have the max size constraints.

  • Even after adding the mac address in the allow list, server is not serving IP to the specified pc. seems some bug on the dll.

  • Hey Senthil,

    Can you plz tell me what problem exactly you facing.. Can yo check the Log file and see the message.. The dll has been tested and seem to work fine for others too.. Please check your settings as mentioned in the rtf file. If you still face trouble please get back to me..

    Raunak Pandya

    DHCP Server Team

  • Hey Pandya

    I perfectly configured as per the doc, when I see the log  there were many deny messages for the Mac address which is in allow list.

    My environment is Win2k3-Sp2 and in fact I have checked with a desktop and few laptops mac addresses included in the allow list. But as per the log those are comes under denied.

    Looking for your help.

  • Do you have deny and allow both configured?

    Raunak Pandya

    DHCP Server Team

  • Hey

    I have configured only Allow list.

  • Thanks for this tool!  I see that wildcards are not supported, but are there plans to support mac wildcards in a future release?

  • Hey Senthil,

    I wonder why the tool isn't working for you.. We have tested it here.. It works fine.. Its working fine for so many other users after posting it here.. I would once again suggest you to double check your configuration..

    Raunak Pandya

    DHCP Server Team

  • Is it planned to add wildcard feature to your tool?

    As on other post here I would like to deny all requests from e.g. IP phones.

    Best regards,

    Juergen

  • Thx so much for this addition. I was really cursing MSDHCP until I found this bit. It works great, and plan on rolling it into production soon.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment