Effects DHCP Allow Vs Deny

Question

Friday, July 22, 2016 4:51 PM

We recently upgraded our DHCP controller to a virtual Windows Server 2012R2 and have been experimenting with DHCP Deny lists. However, that requires monitoring for us, and with the number of users with our WiFi password (most should not), we need a better method.

My question is, does having an allow and deny list divide connections, forcing a user to be on one or the other before it can receive a DHCP address, or just before it can use the network? For example, would we have to manually enter every computer's MAC to allow it, or would it show up unassigned? Also, is there any detrimental overhead created by having an allow list for 700ish devices? 

Thank you,

Chad Anderson

All replies (1)

Monday, July 25, 2016 2:04 AM ✅Answered

Hi gw2futur,

>does having an allow and deny list divide connections, forcing a user to be on one or the other before it can receive a DHCP address, or just before it can use the network?

Configuring an allow or deny list can prevent specific clients from obtaining IP settings.

1) If the allow list is enabled: the DHCP server provides DHCP services only to clients whose MAC addresses are in the allow list. Any client that previously received IP addresses is denied address renewal if its MAC address isn’t on the allow list.

2) If the deny list is enabled: the DHCP server denies DHCP services only to clients whose MAC addresses are in the deny list. Any client that previously received IP addresses is denied address renewal if its MAC address is on the deny list.

3) If both the allow list and the deny list are enabled: the deny list has precedence over the allow list. This means if a MAC address has been denied, the address is always blocked even if the address is on the allow list.

> For example, would we have to manually enter every computer's MAC to allow it, or would it show up unassigned?

Yes, we need to manually add the MAC address to the allow list or deny list.

> Also, is there any detrimental overhead created by having an allow list for 700ish devices? 

Then only the 700 devices can get an IP address from that DHCP server.

Additional information for your reference:

https://technet.microsoft.com/en-us/magazine/ff521761.aspx

Best Regards,

Anne

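The following is an added example, not part of the original thread: one way to avoid typing roughly 700 MAC addresses by hand is to seed the allow list from current leases with the DhcpServer PowerShell module, review the candidates, and only then enable filtering. The server name `dhcp01` and the path `C:\Temp\allow-candidates.csv` are assumptions for illustration.

```powershell
# Added example; $Server and $ReviewFile are hypothetical values.
# Requires the DhcpServer module (Windows Server 2012 or later).
$Server     = 'dhcp01'                        # assumption: DHCP server name
$ReviewFile = 'C:\Temp\allow-candidates.csv'  # assumption: review file path

# Step 1: export MACs that currently hold an active lease, for human review.
# Current leases include any unauthorized device that already has the WiFi
# password, so rows for unknown devices must be deleted before step 2.
Get-DhcpServerv4Scope -ComputerName $Server |
    ForEach-Object { Get-DhcpServerv4Lease -ComputerName $Server -ScopeId $_.ScopeId } |
    Where-Object { $_.AddressState -like 'Active*' -and
                   $_.ClientId -match '^([0-9a-f]{2}-){5}[0-9a-f]{2}$' } |
    Sort-Object ClientId -Unique |
    Select-Object ClientId, HostName, IPAddress |
    Export-Csv -Path $ReviewFile -NoTypeInformation

# Step 2: run only after the CSV has been reviewed and trimmed.
$existing = Get-DhcpServerv4Filter -ComputerName $Server
$allowed  = @($existing | Where-Object List -eq 'Allow' | ForEach-Object MacAddress)
$denied   = @($existing | Where-Object List -eq 'Deny'  | ForEach-Object MacAddress)

foreach ($row in Import-Csv -Path $ReviewFile) {
    if ($denied -contains $row.ClientId) {
        # Deny has precedence, so an allow entry would have no effect.
        Write-Warning "$($row.ClientId) is on the deny list; skipping"
        continue
    }
    if ($allowed -notcontains $row.ClientId) {
        Add-DhcpServerv4Filter -ComputerName $Server -List Allow `
            -MacAddress $row.ClientId `
            -Description "Seeded from lease: $($row.HostName)"
    }
}

# Step 3: turn filtering on last. Once the allow list is enabled, any client
# not on it is refused both new leases and renewals.
Set-DhcpServerv4FilterList -ComputerName $Server -Allow $true -Deny $true
Get-DhcpServerv4FilterList -ComputerName $Server   # confirm the resulting state
```

Running step 3 before the allow list is populated would cut off every client at its next renewal, which is why the enable call comes last.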