PROSERVIA : Pôle Conseil Expertise
4 November 2009

Block Bad Guys With Windows 2008 R2's Nifty New DHCP MAC Address Filtering Tool

When I first saw that Windows NT Server 3.5 included something called a "DHCP server" that freed me from having to hand-configure static IP addresses on every one of my IP-connected computers, I was delighted, and I've used Microsoft's DHCP in my networks ever since. Between NT 3.5 and today, DHCP hasn't really changed all that much... unless you're talking about the DHCP server service shipped with Windows Server 2008 R2.

The new stuff in R2 isn't earth-shattering, but it is convenient: it provides a sort of "poor man's quarantine" by letting you control which machines your DHCP server gives IP addresses to, and it lets you do that fairly easily. In this article, I'll introduce you to R2's DHCP MAC address filtering feature and how to make the most of it.

R2 DHCP MAC Filtering Overview

Basically, here's what R2's DHCP Server can do with MAC address filtering:

  • Either block any particular MAC address from getting an IP address, or allow any particular MAC address to get an IP address.
  • Arrange the question of who gets blocked from and who gets allowed to have an IP address either as a whitelist (no one gets an IP address unless their MAC address is on the "allowed" list) or a blacklist (everyone gets an IP address unless their MAC address is on the "deny" list).
  • By default, DHCP runs as a blacklist with no IP addresses on the "deny" list.
  • R2's DHCP server lets you enter one or more MAC addresses into its filters in several ways:
    • hand-enter the MAC address into the GUI (ugh)
    • hand-enter a range of MAC addresses using "*" as a wild card (better)
    • select a bunch of systems that already have a DHCP lease, right-click them and add them to either the allow or deny list with just a few mouse clicks (even better)
    • feed the DHCP server a text list of MAC addresses
    • use a new command-line tool to enter one or more MAC addresses

I'll show you how to do all that here.
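As an added illustration (not code from the newsletter and not Microsoft's implementation), the Python below models the whitelist and blacklist modes and the "*" wildcard from the list above, then dry-runs a proposed allow list against current lease holders to show who would lose service before whitelist mode is switched on. The function names, the sample leases and the treatment of "*" as "any remaining hex digits" are assumptions.

```python
import re
from fnmatch import fnmatchcase

def normalize(mac):
    """Strip separators and upper-case, so 00:1c:23... and 00-1C-23... compare equal."""
    s = re.sub(r"[-:.\s]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F*]{1,12}", s):
        raise ValueError(f"not a MAC address or pattern: {mac!r}")
    return s

def matches(mac, patterns):
    """True if a full 12-digit MAC matches any pattern ('*' = any hex digits; assumption)."""
    m = normalize(mac)
    if len(m) != 12 or "*" in m:
        raise ValueError(f"client MAC must be 12 hex digits: {mac!r}")
    return any(fnmatchcase(m, normalize(p)) for p in patterns)

def gets_lease(mac, allow=(), deny=(), whitelist=False):
    """Model of the two modes described in the list above.

    Blacklist (the default): everyone is served unless on the deny list.
    Whitelist: no one is served unless on the allow list.
    """
    if whitelist:
        return matches(mac, allow)
    return not matches(mac, deny)

def locked_out(leases, allow):
    """Dry run: current lease holders that whitelist mode would refuse."""
    return [host for host, mac in leases
            if not gets_lease(mac, allow=allow, whitelist=True)]

# Constructed sample data: (host name, MAC address) pairs from a lease listing.
LEASES = [
    ("ws-01", "00-1C-23-AA-10-01"),
    ("ws-02", "00:1c:23:aa:10:02"),
    ("printer", "00-80-77-31-01-07"),
    ("unknown-laptop", "3C-97-0E-12-34-56"),
]
ALLOW = ["00-1C-23-*", "00-80-77-31-01-07"]  # constructed allow list

if __name__ == "__main__":
    for host in locked_out(LEASES, ALLOW):
        print("would be refused under whitelist mode:", host)
```

Running the dry run against an exported lease list before enforcing the allow list shows which legitimate machines still need an entry.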

--> The rest is on Mark's Website, very interesting indeed...

http://www.minasi.com/newsletters/nws0911.htm
