Solved: can I exclude mac's from getting IP leases

gerheauserm · ‎04-14-2008

I have an environment, where I need to exclude specific mac addresses from getting dhcp leases when running dhcp oon a IOS router. Is this possible?

guibarati · ‎04-14-2008

you must assign a separate dhcp pool for each static MAC-to-IP assignment.

So you can add new pools, but not add more MACs to the new pool

View solution in original post

Edison Ortiz · ‎04-14-2008

I recommend taking the time to read the documentation:

http://www.cisco.com/en/US/docs/ios/12_4/ip_addr/configuration/guide/hipdhcps.html#wp1114732

HTH,

__

Edison.

View solution in original post

guibarati · ‎04-14-2008

Do you want one specific MAC to get always the same IP?

gerheauserm · ‎04-14-2008

No, I want specific mac's to not get a DHCP license.

guibarati · ‎04-14-2008

I don't know if is there a way to do that, to block an mac address to get IP from DHCP in the router, but I see two ways you can follow:

1 - Create an MACAddress access list (to do that number it from 700 to 799)

then put this access list in the interface. (I don't know if it's really possible to put an mac access list in an interface) if so your problem is solved its just to block the desired MAC.

2- If the solution above does not work I would sugest you to create an fixed IP to that MAC address and and with an IP that is not in your network. For example, if your network is 192.168.1.0/24 you could give this mac an IP 1.1.1.1 with gateway 1.1.1.2.

See how to do it:

Router1(config)#ip dhcp pool IAN

Router1(dhcp-config)#host 172.25.1.33 255.255.255.0

Router1(dhcp-config)#client-identifier 0100.0103.85e9.87

Router1(dhcp-config)#client-name win2k

Router1(dhcp-config)#default-router 172.25.1.1

Router1(dhcp-config)#domain-name oreilly.com

Router1(dhcp-config)#dns-server 172.25.1.1

Router1(dhcp-config)#end

Router1#

Please rate if it helps.

gerheauserm · ‎04-14-2008

I was not able to get the mac related access-list applied to the interface. And, your example for statically assigning a mac to an IP is a bit confusing. I already have one scope on my router for the allowed users, would I create a second scope?

guibarati · ‎04-14-2008

yes, a second scope that would apply only to the specific MAC (it thakes precedence over the dinamic allocation).

Then in this scope the IP address for this MAC will be completly different of the rest of your network, and if this MAC try to get an IP from your DHCP it will take an invalid IP and will access nothing in your network

gerheauserm · ‎04-14-2008

Ok, this should be the last question. Can I put more than one mac-to-IP in the new DHCP pool?

guibarati · ‎04-14-2008

you must assign a separate dhcp pool for each static MAC-to-IP assignment.

So you can add new pools, but not add more MACs to the new pool

gerheauserm · ‎04-15-2008

I tried that, but still have nodes with MACs that I put on separate dhcp pools, pulling IP leases from the main generic dhcp pool on that router. Are you sure I need to prefix the mac in the client-id field with a "01" then slide the decimal point 2 places?

Edison Ortiz · ‎04-14-2008

I recommend taking the time to read the documentation:

http://www.cisco.com/en/US/docs/ios/12_4/ip_addr/configuration/guide/hipdhcps.html#wp1114732

HTH,

__

Edison.

gerheauserm · ‎04-15-2008

I did, and fully understand the technology. What I am not able to do, is statically bind a mac to an IP, even using the following example:

ip dhcp pool bad36

host 1.1.1.36 255.255.255.0

client-id 0100.16ce.7b95.01

where 0016.ce7b.9501 is the node mac.

The 1.1.1.36 if from a range on an ethernet, (as a secondary range) that is not allowed to route anywhere. Whenever that mac requests a dhcp lease, it gets it from the primary scope on the router. Am I missing something?