Link Layer Based Filtering?

Overview

Heightened threat awareness has led enterprises to instrument and enable security at many levels of the IT infrastructure. Network and system administrators are increasingly security conscious and are constantly looking to insulate their systems from threats that may arise when new clients or devices are added to their networks. The proliferation of IP-enabled devices in an enterprise poses security challenges for a network administrator. Administrators want the ability to control specifically which clients can use enterprise network resources and, conversely, which rogue clients should be explicitly denied access to the network.

This kind of access control is precisely what the MAC address based filtering feature in the Windows Server 2008 R2 DHCP Server provides. The feature puts another low-level network access control lever in the hands of the administrator. MAC address based filtering provides a mechanism for issuing or denying DHCP leases and other network configuration based on MAC addresses. It provides an additional layer of security on the network and allows administrators to filter incoming DHCP requests to the DHCP server based on the MAC address of the DHCP client. The Windows Server 2008 R2 DHCP server has an allow list and a deny list, which can be populated with the MAC addresses of clients that are to be allowed or denied, respectively, access to IP address leases and other network configuration.
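
The allow/deny evaluation described above, as an added Python model that is not code from the original page or from Windows Server. It assumes the deny list is checked before the allow list, that each list applies only when enforcement is switched on, and that `*` in an entry stands for one whole octet; the class, the function names and the sample MAC addresses are constructed for illustration.

```python
import re

SEPARATORS = re.compile(r"[-:.\s]")

def normalize(mac_or_pattern):
    """Canonical 12-character form; a '*' (one whole octet) becomes '??'."""
    text = SEPARATORS.sub("", mac_or_pattern).upper().replace("*", "??")
    if not re.fullmatch(r"[0-9A-F?]{12}", text):
        raise ValueError(f"not a 48-bit MAC or pattern: {mac_or_pattern!r}")
    return text

def matches(mac, pattern):
    """True when every character of the MAC equals the pattern or hits '?'."""
    return all(p in ("?", m) for m, p in zip(normalize(mac), normalize(pattern)))

class LinkLayerFilter:
    """Model of an allow list and a deny list that can each be switched on."""

    def __init__(self, allow=(), deny=(), enforce_allow=False, enforce_deny=False):
        self.allow, self.deny = list(allow), list(deny)
        self.enforce_allow, self.enforce_deny = enforce_allow, enforce_deny

    def decide(self, mac):
        """Return (serve, reason) for the MAC address in one DHCP request."""
        # Assumption: a deny match wins even if the MAC is also on the allow list.
        if self.enforce_deny and any(matches(mac, p) for p in self.deny):
            return False, "deny list match"
        # Assumption: with the allow list enforced, unlisted clients get no lease.
        if self.enforce_allow and not any(matches(mac, p) for p in self.allow):
            return False, "not on allow list"
        return True, "served"

# Constructed sample data: 00-00-5E-00-53-xx is the RFC 7042 documentation range.
FILTER = LinkLayerFilter(
    allow=["00-00-5E-00-53-*"], deny=["00-00-5E-00-53-66"],
    enforce_allow=True, enforce_deny=True,
)
REQUESTS = ["00:00:5e:00:53:01", "0000.5e00.5366", "02-AA-BB-CC-DD-EE"]

def audit(flt, macs):
    """Map each requesting MAC to the filter's decision."""
    return {mac: flt.decide(mac) for mac in macs}

if __name__ == "__main__":
    for mac, (serve, reason) in audit(FILTER, REQUESTS).items():
        print(f"{mac:20} {'LEASE' if serve else 'DROP':6} {reason}")
```

The MAC address in a DHCP request is supplied by the client, and a host with a statically configured address never contacts the DHCP server, so these lists govern lease issuance rather than access to the network itself.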

Sample Scenarios

Scope