03-26-2018 03:00 PM - edited 03-08-2019 02:24 PM
In Linux, it's possible to create a class where you can match hardware (in my case the MAC prefix of the first six characters) that will only allow DHCP if the MAC address of the requester starts with those six characters. Is there any way to do this with Cisco IOS? I'm talking about more than 50 clients so MAC reservation isn't an option and no server on site so 802.1x isn't an option either. Basically, it would be a simple but effective way of saying, nothing connects here but this specific hardware. Yes, I know MAC spoofing is easy but I'd like some additional protection beyond the port security option.
03-26-2018 03:59 PM
You can't exclude a MAC address directly on the IOS-based DHCP server.
What you can do is to give the MAC address a manual binding on an invalid subnet - thus black-holing the client.
03-26-2018 04:03 PM
I was thinking more only allow MAC addresses that start with C8:08:E9.
03-26-2018 10:06 PM - edited 03-26-2018 10:14 PM
Hi,
I think it is possible with Vendor Class ID:
https://**bleep**.technology/configure-cisco-ios-dhcp-to-use-vendor-class-ids
Actually, correct URL is "**bleep**.technology" but I don't know why it is converting to **bleep**.
I attached a file with correct URL. Please check. I think this is an issue with Cisco Support form.
Regards,
Deepak Kumar
03-27-2018 09:20 AM
Hahaha. That's funny. Thanks. I was thinking this might work as well. I'm reading up on it now.