Link layer filtering provides network access control for the issuance or denial of DHCP leases of IP addresses based on a media access control (MAC) address. Link layer filtering can be configured at the IPv4 node for all clients across all IPv4 scopes. This feature is currently available only for IPv4 networks.

To enable MAC address filtering
  1. Open the DHCP Microsoft Management Console (MMC) snap-in.

  2. In the console tree, double-click the DHCP server you want to configure, right-click IPv4, and then click Properties.

  3. Click Filters, and then select the Enable Allow List or the Enable Deny List check box.

To configure a new filter
  1. Open the DHCP snap-in.

  2. In the console tree, double-click the applicable DHCP server, double-click IPv4, double-click Filters, and then right-click Allow or Deny.

  3. Click New Filter, and then type a MAC Address and Description. Description is an optional field.

Notes
  • The MAC address can either be the full address or a MAC address pattern (wild card). Following are the valid MAC address wild cards:
    • 00-1C-23-*-*-*

    • 00-1C-23-20-AF-*

    • 00-1C-23-20-*-*

    • 001C2320AF4E

    • 001C*

Note

Deny filters supersede Allow filters.

To edit the hardware type exempted from filtering list
  1. Open the DHCP snap-in.

  2. In the console tree, double-click the DHCP server you want to configure, right-click IPv4, and then click Properties.

  3. Click Filters, click Advanced, and then select or clear the check boxes for the hardware types you want to edit.

Additional Resources

For a list of Help topics providing related information, see Configuring DHCP Server Role Settings.

For updated detailed IT pro information about DHCP, see the Windows Server 2008 documentation on the Microsoft TechNet Web site.


Table Of Contents