DHCP: The MAC address filtering configuration should not block IP address reservations

  • Article

Applies To: Windows Server 2008 R2, Windows Server 2012

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Dynamic Host Configuration Protocol Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer (https://go.microsoft.com/fwlink/?LinkId=122786).

Operating System

Windows Server 2008 R2, Windows Server 2012

Product/Feature

Dynamic Host Configuration Protocol (DHCP)

Severity

Warning

Category

Configuration

Issue

A reservation is in conflict with a MAC address filter.

Impact

The DHCP server will not lease reserved IP addresses to clients with conflicting MAC address filters.

Resolution

Use the DHCP MMC to change the MAC address filters so that reservations are not excluded.

MAC address based filtering allows specific control over which clients have access to DHCP addresses. You can create a list of computers that are allowed to obtain DHCP addresses from the server by MAC. Likewise, you can deny computers access by adding their MAC addresses to the DHCP deny list. By enabling the allow list, you automatically deny DHCP addresses to any client computer not on the list.

Depending on your configuration of reservations and allow/deny lists, you may have to change either the allow or deny list to correct this conflict. If a client has a reservation, there is an allow list enabled, and the client is not on the allow list, you’ll need to add the client’s MAC address to the list. If a client has a reservation, the allow list is not enabled, and the client is on the deny list, you’ll have to remove the MAC address for that client from the deny list.

Membership in the Administrators or DHCP Administrators group is the minimum required to complete this procedure.

To add a MAC address to the DHCP allow list

  1. Click Start, point to Administrative Tools and then click DHCP.

  2. In the console tree, expand the applicable DHCP server, expand IPv4, and then expand Filters

  3. Click Allow, click New Filter…, type the Mac address and Description of the client to allow, and then click Add.

To remove a MAC address from the DHCP deny list

  1. Click Start, point to Administrative Tools and then click DHCP.

  2. In the console tree, expand the applicable DHCP server, expand IPv4, and then expand Filters

  3. Click Deny, right-click the MAC address of the client with the corresponding reservation, click Delete and then click Yes.

Additional references

For updated detailed IT pro information about DHCP, see the Windows Server 2008 R2 documentation on the Microsoft TechNet Web site.