I have searched around in the archives, but I can't find the answer to this question. My apologies in advance if this is the wrong place to ask...
I am trying to figure out if I can use a single device (Cisco router) to create up to four subnets and also act as a selective DHCP server. I have a class of devices identified by a range of MAC addresses (OUI) that I want to serve DHCP addresses to from a local pool in the router, while all other DHCP requests should be ignored. These will be handled by a different server in the network.
I have seen that MAC filtering can be done with an open source solution such as opendhcp or even now within Windows Server, but I would prefer not to introduce another element in the network. This requirement is not being driven by security concerns, but rather by a matter of scope and overall network architecture.
Any thoughts or guidance, much appreciated.
You can find all the information here:
Manual bindings is the part you're after.
Many thanks for the response.
From what I have read, the Manual Bindings approach requires each individual hardware (MAC) address to be specified. This isn't practical for the large-scale and mobile environment I am creating. I want to specify a range (or use a bit mask) to identify a specific type of device by the first 3 bytes (OUI) of the 6-byte MAC address. Only these DHCP requests will be served; all others should be ignored.
I understand that you would like to configure multiple pools in the router and assign specific pools based on MAC addresses.
You are right that we need a MAC filtering mechanism to achieve this. We can use an ACL to achieve this for the whole device.
But I don't know if you can use ACLs on a per-DHCP-pool basis, if that's your requirement.
I will have different pools for the VLANs on the router, to allocate an address in the same subnet, but the real challenge is how to ignore DHCP requests from other devices (based on MAC address).
I have thought about using ACLs, but I am concerned (or confused) about how to limit the scope.
I think part of the issue is that I need to segregate the routing and DHCP functions. I could create an access list to allow DHCP requests only from my range of MAC addresses, which would then be handled by the local DHCP server, but I need to ensure that other requests are routed to the WAN port.
Thanks for the response,
I think you should be able to achieve your goal by using MQC and dropping packets with some hardware address which are doing
1) create a MAC ACL permitting the OUIs you don't want to have DHCP addresses
2) create an extended ACL permitting UDP to bootps
3) create a class-map where you match both ACLs
4) create a policy-map for that class with an action of drop
5) apply this policy-map input to the interface of the router receiving DHCP requests.
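The five steps above written out as IOS configuration, as an added example that is not from the original thread. The OUI 0011.22 and the interface `Vlan10` are placeholders, and it is assumed that the platform accepts a named MAC ACL as a `match access-group` criterion in a class-map (the Catalyst switch images do; not every router image does).

```text
! Step 1: MAC ACL. Frames whose source OUI is listed here are the ones
! that will be dropped. 0011.22 is a placeholder OUI. In a MAC ACL mask,
! bits set to 1 are wildcards, so 0000.00ff.ffff matches on the first
! three bytes (the OUI) only.
mac access-list extended DHCP-BLOCKED-OUIS
 permit 0011.2200.0000 0000.00ff.ffff any
!
! Step 2: extended IP ACL. DHCP client requests are sent to UDP/67 (bootps).
ip access-list extended DHCP-REQUESTS
 permit udp any any eq bootps
!
! Step 3: match-all class. A packet is in the class only when BOTH ACLs
! permit it, i.e. a DHCP request from one of the listed OUIs.
! (Assumes the platform allows a MAC ACL here.)
class-map match-all DHCP-FROM-BLOCKED-OUIS
 match access-group name DHCP-BLOCKED-OUIS
 match access-group name DHCP-REQUESTS
!
! Step 4: drop that class; all other traffic is untouched.
policy-map DROP-FOREIGN-DHCP
 class DHCP-FROM-BLOCKED-OUIS
  drop
!
! Step 5: apply inbound on the interface or SVI that receives the
! requests (interface name is a placeholder).
interface Vlan10
 service-policy input DROP-FOREIGN-DHCP
!
! Check: the class counters should increment as requests are dropped.
! show policy-map interface Vlan10
```

Because a class-map matches the packets an ACL permits, inverting the MAC ACL (deny the one OUI you do want to serve, then `permit any any`) drops DHCP requests from every other vendor instead of from an enumerated list.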