http://blogs.technet.com/b/teamdhcp/archive/2009/01/21/link-layer-based-filtering.aspxOverview The increased threat perception has caused security to be instrumented and enabled at various levels in the enterprise IT infrastructure. Network and system administrators are increasingly becoming security conscious and are constantly onen-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.technet.com/b/teamdhcp/archive/2009/01/21/link-layer-based-filtering.aspx#3527819Sun, 21 Oct 2012 19:53:25 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3527819Stephen<p>Nevermind! Found my answer: <a rel="nofollow" target="_new" href="http://technet.microsoft.com/en-us/magazine/ff521761.aspx">technet.microsoft.com/.../ff521761.aspx</a></p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3527819" width="1" height="1">http://blogs.technet.com/b/teamdhcp/archive/2009/01/21/link-layer-based-filtering.aspx#3527817Sun, 21 Oct 2012 19:46:42 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3527817Stephen<p>You say the deny list takes precedence? I want to deny all mac addresses except for those I explicitly allow. &nbsp;I thought this would be accomplished by adding * to the deny list and adding the individual addresses to the allow list, but if the deny list takes precedence then it would seem that even the allowed devices would be blocked. &nbsp;Obviously I&#39;m not understanding something here. Help?</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3527817" width="1" height="1">http://blogs.technet.com/b/teamdhcp/archive/2009/01/21/link-layer-based-filtering.aspx#3280327Thu, 10 Sep 2009 13:18:35 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3280327teamdhcp<p>We have had questions asked of us on the impact of the link layer filtering (aka MAC address based filtering)on the DHCP server performance.</p> <p>Based on the testing conducted for measuring impact of MAC address based filtering on performance, we have found negligible performance drop with MAC address based filtering configured.</p> <p>With 100,000 MAC addresses configured (50,000 each in allow and deny list), the drop in average response time was to the order of 1-2% across multiple test runs.</p> <p>Prasad</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3280327" width="1" height="1">http://blogs.technet.com/b/teamdhcp/archive/2009/01/21/link-layer-based-filtering.aspx#3260938Fri, 03 Jul 2009 06:27:53 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3260938teamdhcp<p>Hello Bruce,</p> <p> If I understand your concern correctly, you need to have link layer filtering or MAC based filtering in previous version of Windows OS.</p> <p> We had been supporting this through our callout dll, please check the following link if it suffices your requirements.</p> <p><a rel="nofollow" target="_new" href="http://blogs.technet.com/teamdhcp/archive/2007/10/03/dhcp-server-callout-dll-for-mac-address-based-filtering.aspx">http://blogs.technet.com/teamdhcp/archive/2007/10/03/dhcp-server-callout-dll-for-mac-address-based-filtering.aspx</a></p> <p>Thanks,</p> <p>Subhash Badri</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3260938" width="1" height="1">http://blogs.technet.com/b/teamdhcp/archive/2009/01/21/link-layer-based-filtering.aspx#3260808Thu, 02 Jul 2009 18:34:21 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3260808Bruce<p>I have not seen the DHCP Security change feature yet and was wondering if there is a download for the DHCP module so that it can be used on all of the Windows 2000, 2003 and 2008 Non-R2 servers. &nbsp;If you have a small business you may not have the budget to upgrade the entire server platform to 2008R2, so what is Microsoft doing to help these types of customers? &nbsp;It would seem Microsoft should provide this to help follow the Presidents lead on Cybersecurity <a rel="nofollow" target="_new" href="http://www.whitehouse.gov/the_press_office/Statement-by-the-President-on-the-White-House-Organization-for-Homeland-Security-and-Counterterrorism/">http://www.whitehouse.gov/the_press_office/Statement-by-the-President-on-the-White-House-Organization-for-Homeland-Security-and-Counterterrorism/</a> </p> <p>Can anyone tell me if there is a DHCP update for these other platforms that allows an Administrator a way to control which MAC addresses get on your network? &nbsp; I would hope it has a MAC request window to allow the network administrator to see all of the requesting MAC ID’s in a simple window which would have an option to provide a Security ADMIN to allow Once or Allow Permanent Access, Decline Access by the requesting MAC ID selected in the window by an Admin.</p><div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3260808" width="1" height="1">http://blogs.technet.com/b/teamdhcp/archive/2009/01/21/link-layer-based-filtering.aspx#3220904Wed, 01 Apr 2009 12:27:02 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3220904Microsoft Windows DHCP Team Blog<p>DHCP Server team is excited to announce that the much appreciated and loved feature, MAC Address based</p> <img src="http://blogs.technet.com/aggbug.aspx?PostID=3220904" width="1" height="1">http://blogs.technet.com/b/teamdhcp/archive/2009/01/21/link-layer-based-filtering.aspx#3215678Fri, 20 Mar 2009 15:40:01 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3215678Microsoft Windows DHCP Team Blog<p>This tool can be used by DHCP Administrators to view all the events generated by Windows DHCP Server</p> <img src="http://blogs.technet.com/aggbug.aspx?PostID=3215678" width="1" height="1">http://blogs.technet.com/b/teamdhcp/archive/2009/01/21/link-layer-based-filtering.aspx#3214044Tue, 17 Mar 2009 17:13:26 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3214044teamdhcp<p>Hey Pete,</p> <p>In case you were using the MacFilterCallout dll and you have the Maclist.txt file with you, you can use the following tool to import the entries in WS08 R2 DHCP Server:</p> <p><a rel="nofollow" target="_new" href="http://blogs.technet.com/teamdhcp/archive/2009/02/16/mac-filter-import-tool.aspx">http://blogs.technet.com/teamdhcp/archive/2009/02/16/mac-filter-import-tool.aspx</a></p> <p>Or else,</p> <p>the DHCP MMC in WS08 R2 also supports converting active lease to filters.</p> <p>Hopefully this would make your job easier.</p> <p>Thanks</p> <p>Raunak Pandya</p> <p>DHCP Server Team</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3214044" width="1" height="1">http://blogs.technet.com/b/teamdhcp/archive/2009/01/21/link-layer-based-filtering.aspx#3214040Tue, 17 Mar 2009 16:53:24 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3214040Pete<p>Is there a way of importing a list of MAC addresses into the 2008 R2 DHCP server. I cannot find the MAClist file that there was on the Windows 2003 server version and I have about 800 addresses to be added to the ALLOWED list.</p> <p>Thanks</p> <p>Pete</p><div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3214040" width="1" height="1">http://blogs.technet.com/b/teamdhcp/archive/2009/01/21/link-layer-based-filtering.aspx#3202921Mon, 16 Feb 2009 17:02:06 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3202921Microsoft Windows DHCP Team Blog<p>Hello Everybody, Thanks for all those who tried the MacFilterCallout dll . As you all must have checked</p> <img src="http://blogs.technet.com/aggbug.aspx?PostID=3202921" width="1" height="1">