IOS DHCP Server

cowetacoit
Level 1

Is it possible to have some sort of DHCP MAC address filter? Let's say someone connects a laptop to the network and the MAC address isn't in an allowed MAC address list, so the DHCP server won't hand out an IP. I've been searching for an easy solution for this and not just in Cisco IOS. Microsoft has a "calloutdll" extension but I could never get it to work. So I'd like to try it with IOS. Like I said, I'd like to block a "rogue" MAC address unless it is in an allowed list. Port security is an option but we have a very large network (up to 800 devices).

6 Replies

Edison Ortiz
Hall of Fame

You have two options:

1) You can configure the DHCP server with "IP Address reservation" and map the MAC Address to an invalid IP within your network (blackhole).

2) You can use "mac-address-table static drop" in your switches:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_se/command/reference/cli1.html#wp2299728

Note: Even if the DHCP server does not assign an IP address, the client (usually seen in Windows) will assign itself an IP in the 169.254.x.x range.

__

Edison.

Please rate helpful posts

Let me rephrase this...

Let's say I have a list of "allowed" MAC addresses that I want to allow on the network. I'm worried that someone could bring a laptop from home. I'm asking if there is a way to list known MACs and block unknown MACs.

I have already used mac-address-table static drop in a few cases but I'm looking for less administrative work overall.
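
An added example, not part of the original thread and not Cisco code: one way to reduce the manual work of the `mac-address-table static ... drop` approach is to compare a switch's learned MAC table with the allowed list and generate the drop entries for review before applying them. The table text and allowlist below are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample of `show mac address-table` output (not from a real switch).
SAMPLE_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Fa0/1
  10    00aa.bbcc.ddee    DYNAMIC     Fa0/2
  20    0011.2233.4466    DYNAMIC     Fa0/7
  20    0100.5e00.0001    STATIC      CPU
 All    ffff.ffff.ffff    STATIC      CPU
"""

# Constructed allowlist, deliberately written in mixed notations.
ALLOWED = ["00:11:22:33:44:55", "00-11-22-33-44-66"]

ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4})\s+(\S+)\s+(\S+)")

def normalize_mac(text):
    """Return a MAC in Cisco dotted form (xxxx.xxxx.xxxx) or raise ValueError."""
    digits = re.sub(r"[.:\-]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def is_unicast(mac):
    """True when the group (multicast/broadcast) bit of the first octet is clear."""
    return int(mac[:2], 16) & 1 == 0

def find_unknown(table_text, allowed):
    """Return (vlan, mac, port) for learned unicast MACs missing from the allowlist."""
    allow = {normalize_mac(m) for m in allowed}
    unknown = []
    for line in table_text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # headers, separators and "All" rows
        vlan, mac, kind, port = match.groups()
        mac = normalize_mac(mac)
        if kind == "DYNAMIC" and is_unicast(mac) and mac not in allow:
            unknown.append((int(vlan), mac, port))
    return unknown

def render_drop(unknown):
    """Render one static drop entry per unknown MAC, for review before use."""
    return [f"mac-address-table static {mac} vlan {vlan} drop"
            for vlan, mac, _port in unknown]

if __name__ == "__main__":
    print("\n".join(render_drop(find_unknown(SAMPLE_TABLE, ALLOWED))))
```

Only dynamically learned unicast entries are considered, so static, multicast and broadcast rows never produce a drop line.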

Hi,

Why don't you try using a MAC ACL with a list of permitted MACs only and block the communication for the rest of the MACs?

Use this on the switch.

This might not be a direct solution at a DHCP level but should help you not to allocate DHCP address to unwanted MACs.

-> Sushil

OK, that may be a solution for some of my smaller sites. On the overall network I'd like to implement some type of DHCP MAC Auth or NAC. I'm looking into Cisco NAC and Meta SAFE DHCP server, but both are very expensive solutions. I'm more or less looking for a temporary solution. MAC ACLs may work, like I said, on some of my smaller edge switches.

If I put the MAC ACL on a layer 2 edge switch with 2 or 3 different VLANs on it, where would I apply the ACL?

?
