can I exclude mac's from getting IP leases

Answered Question
Apr 14th, 2008

I have an environment, where I need to exclude specific mac addresses from getting dhcp leases when running dhcp oon a IOS router. Is this possible?

I have this problem too.
0 votes
Correct Answer by Edison Ortiz about 8 years 6 months ago

I recommend taking the time to read the documentation:




Correct Answer by guibarati about 8 years 6 months ago

you must assign a separate dhcp pool for each static MAC-to-IP assignment.

So you can add new pools, but not add more MACs to the new pool

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.4 (5 ratings)
guibarati Mon, 04/14/2008 - 07:00

I don't know if is there a way to do that, to block an mac address to get IP from DHCP in the router, but I see two ways you can follow:

1 - Create an MACAddress access list (to do that number it from 700 to 799)

then put this access list in the interface. (I don't know if it's really possible to put an mac access list in an interface) if so your problem is solved its just to block the desired MAC.

2- If the solution above does not work I would sugest you to create an fixed IP to that MAC address and and with an IP that is not in your network. For example, if your network is you could give this mac an IP with gateway

See how to do it:

Router1(config)#ip dhcp pool IAN


Router1(dhcp-config)#client-identifier 0100.0103.85e9.87

Router1(dhcp-config)#client-name win2k






Please rate if it helps.

gerheauserm Mon, 04/14/2008 - 07:13

I was not able to get the mac related access-list applied to the interface. And, your example for statically assigning a mac to an IP is a bit confusing. I already have one scope on my router for the allowed users, would I create a second scope?

guibarati Mon, 04/14/2008 - 07:19

yes, a second scope that would apply only to the specific MAC (it thakes precedence over the dinamic allocation).

Then in this scope the IP address for this MAC will be completly different of the rest of your network, and if this MAC try to get an IP from your DHCP it will take an invalid IP and will access nothing in your network

gerheauserm Mon, 04/14/2008 - 07:22

Ok, this should be the last question. Can I put more than one mac-to-IP in the new DHCP pool?

Correct Answer
guibarati Mon, 04/14/2008 - 08:29

you must assign a separate dhcp pool for each static MAC-to-IP assignment.

So you can add new pools, but not add more MACs to the new pool

gerheauserm Tue, 04/15/2008 - 09:35

I tried that, but still have nodes with MACs that I put on separate dhcp pools, pulling IP leases from the main generic dhcp pool on that router. Are you sure I need to prefix the mac in the client-id field with a "01" then slide the decimal point 2 places?

gerheauserm Tue, 04/15/2008 - 11:38

I did, and fully understand the technology. What I am not able to do, is statically bind a mac to an IP, even using the following example:

ip dhcp pool bad36


client-id 0100.16ce.7b95.01

where 0016.ce7b.9501 is the node mac.

The if from a range on an ethernet, (as a secondary range) that is not allowed to route anywhere. Whenever that mac requests a dhcp lease, it gets it from the primary scope on the router. Am I missing something?


This Discussion