• Contact
  • Homelab
Dimitris Tonias
  • Management
  • Monitoring
  • Cloud
  • Virtualization
  • Networking
  • Productivity
No Result
View All Result
  • Management
  • Monitoring
  • Cloud
  • Virtualization
  • Networking
  • Productivity
No Result
View All Result
Dimitris Tonias
No Result
View All Result

Configure DHCP Server 2016 Filters

Dimitris Tonias by Dimitris Tonias
February 18, 2018 - Updated on April 21, 2024
in Management
Reading Time: 3 mins read
A A
4
Share on FacebookShare on Twitter

After installing the DHCP role in Windows Server 2016 and setting up the first IPv4 Scopes to serve IP addresses to clients, it’s time to see how DHCP Filters work.

DHCP Filters are primarily used to further shield an infrastructure by allowing or denying specific clients based on their MAC addresses. Setting up DHCP Filters is quite simple and works at the server level, not at Scope level.

In a nutshell, with DHCP Filtering, you can filter clients, based on their MAC addresses, in order to either allow them to receive addresses from a DHCP Server or prevent (Deny) that from happening.

Before proceeding with the implementation of DHCP Filters, you will need to know how these filters are applied.

  • When the Allow list is enabled, DHCP Server only serves IP addresses to the clients in this list automatically while rejecting all the others. If clients already had an IP address before filtering, then their IP will not automatically renew when Lease expires.
  • When the Deny list is enabled, DHCP Server discards all the clients in this list. If clients already had an IP address and are now in the Deny list, then their Lease will not be renewed once they expire.
  • By combining the two, Allow and Deny, the Deny list has precedence. This means that if a client is on the Deny list, it will be prevented in any case even if it is in the Allow list.

Now, let’s see how to configure DHCP filters.

Configure Filters in DHCP Server 2016

In the DHCP console, expand the server and IPv4 objects and go to the Filters object. Here, you’ll see two sub-folders (lists), Allow and Deny. By default, the two lists are deactivated and you can see this from the red down arrow, as shown in the figure below.

Configure DHCP Server 2016 Filters

To add a DHCP Client to the Allow list, right-click and then click New Filter. Next, type the client’s MAC address and a description (optional) and click the Add button to complete the process.

Configure DHCP Server 2016 Filters

The MAC address you type can be dashed (eg AA-BB-CC-DD-EE-FF) or without (eg AABBCCDDEEFF). You can also use the asterisk (*) as a wildcard to declare a range of MAC addresses. For example, AA-BB-*-DD-EE-FF, AA-BB-CC-*-*-*, AA-BB-*.

Respectively, follow the same procedure to add clients to the Deny list.

What is important to know is that the Deny list is superior to any other setting. So, if a client does not receive an IP address from a DHCP Server and the Filters are enabled, then your first action will be to check if it is in the Deny and then in Allow lists.

Additionally, you can move one or more clients from one list to another by right-clicking and then choose the corresponding option.

Configure DHCP Server 2016 Filters

You can do the same for clients already in Address Leases, of course not having to type the MAC address.

Configure DHCP Server 2016 Filters

Finally, do not forget to enable or disable the Allow and Deny lists by right-clicking and then choosing the corresponding option.

If the DHCP clients are VMs of a Hyper-V Server, you may prefer to set static MAC address instead of dynamic MAC addresses that are assigned by default.

Tags: DHCPDHCP ServerWindows Server 2016
ShareTweetPin
Previous Post

Configure Dynamic MAC addresses on a Hyper-V 2016 host

Next Post

Configure Reservations in DHCP Server 2016

Related Posts

Approve updates in WSUS 2016
Management

Approve updates in WSUS 2016

Configure Group Policy to deploy updates using WSUS 2016
Management

Configure Group Policy to deploy updates using WSUS 2016

Configure computer groups in WSUS 2016
Management

Configure computer groups in WSUS 2016

The initial configuration of WSUS 2016
Management

The initial configuration of WSUS 2016

Install WSUS in Windows Server 2016
Management

Install WSUS in Windows Server 2016

Error opening Report Viewer on WSUS 2016
Management

Error opening Report Viewer on WSUS 2016

Comments 4

  1. Janus says:
    6 years ago

    What if the Deny and Allow filters are enabled but the lists is empty? How will the server treat that?

    Reply
    • Matthew Matthey, MCT says:
      5 years ago

      If the allow and deny filters are empty they should be disabled. Otherwise, the allow list contains 0 whitelisted MACs, so the dhcp client is implicitly denied an IP Lease.

      Reply
  2. Ert Cif says:
    2 years ago

    The part about wildcarding to declare a range of MAC addresses was a very nice touch.
    I thank you.

    Reply
  3. Ignat says:
    4 months ago

    Ты не прав
    —
    ООО “Игнат”

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

No Result
View All Result
Zabbix server: More than 75% used in the trends cache
Monitoring

Zabbix server: More than 75% used in the trends cache

In Zabbix, "trends" are a type of data storage representing aggregated historical data. Zabbix monitors and collects a vast amount...

Read moreDetails
Check word count on Google Docs

Check word count on Google Docs

Zabbix server: More than 75% used in the configuration cache

Zabbix server: More than 75% used in the configuration cache

Approve updates in WSUS 2016

Approve updates in WSUS 2016

Configure Group Policy to deploy updates using WSUS 2016

Configure Group Policy to deploy updates using WSUS 2016

Configure computer groups in WSUS 2016

Configure computer groups in WSUS 2016

The initial configuration of WSUS 2016

The initial configuration of WSUS 2016

Get more stuff

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

we respect your privacy and take protecting it seriously

  • Contact
  • Homelab

© 2024 Dimitris Tonias

No Result
View All Result
  • About
  • Contact
  • Free Tools
  • Home
  • Homelab

© 2024 Dimitris Tonias

This website uses cookies. By continuing to use this website you are giving consent to cookies being used.