3

Question

Our DHCP server is set up to only give IP addresses to machines that it knows about (all IPs excluded, reservations for each MAC address). Part of the address range is used for virtual machines on a Hyper-V cluster, managed by Microsoft System Center.

Currently, the virtual machines get MAC addresses from an address pool, and there are DHCP reservations for the first addresses in that pool. The problem is that virtual machines are regularly being added and removed, and a couple days ago, those reservations ran out. I had to figure out what addresses were still being used, clean up unused reservations, and create new ones for the next set of MAC addresses.

Is there a way to reserve a set of addresses by prefix? Is there some feature I don't know about, or a feature with a higher domain functional level? We can raise the level if needed (currently 2008, but our servers are 2012 and 2012 R2).

Information

  • Domain functional level: Windows Server 2008
  • Microsoft System Center 2012 R2

1 Answer

4

Instead of creating static reservations, why not set MAC restrictions to get a normal DHCP address?

http://technet.microsoft.com/en-us/magazine/ff521761.aspx

MAC address filtering (aka link-layer filtering) is a feature for IPv4 addresses that allows you to include or exclude computers and devices based on their MAC address.


10
  • Will this work in combination with the reservations for the rest of the network? These machines are on the same subnet as everything else, which is managed by DHCP reservations. Commented Nov 13, 2014 at 17:23
  • I'm not sure what your current reservations are... but you could add multiple "Allow these MAC addresses" filters to include any/all of your MAC addresses. Is that what you are asking? Commented Nov 13, 2014 at 17:53
  • Machines need to keep their reserved addresses because a) they're not always in DNS and b) certain ranges are used for certain things (50-99 faculty, 200-240 lab, etc.). That solution sounds like I'd have to maintain two sets of MAC addresses (one in the filter list and one in the reservations). Commented Nov 13, 2014 at 18:13
  • 1
    @stephenwade Then there is no way to do the ridiculous thing you want, in the ridiculous way you want it done. Someone much more motivated and better paid than myself could probably script something up for you, but as I'm neither motivated, nor being paid, I'm only willing to point you in the direction of the DHCP PowerShell cmdlets. Commented Nov 13, 2014 at 20:49
  • 2
    I never said to wildcard everyone. You already lock down by MAC via reservation... so why can't you lock down by filter instead, using a wildcard reservation for just the VM "MAC pool" and putting in additional filters based on the current other MAC addresses you allow? I'm not sure where your security focus is... if you are concerned about port/network security you should look at implementing 802.1X along with port learning if that's the ultimate concern here... otherwise the DHCP scope filters are the way to go. Commented Nov 13, 2014 at 20:54
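
Following the pointer to the DHCP PowerShell cmdlets in the comments, one way to avoid maintaining two MAC lists by hand is to derive the Allow filter list from the existing reservations and add a single wildcard entry for the VM MAC pool. This is an added example, not code from the question, the answer or the comments; the server name and the MAC pattern are placeholders, and it assumes the DhcpServer module that ships with Windows Server 2012 and later.

```powershell
#Requires -Modules DhcpServer
# Added example: keep the DHCP Allow filter list in step with the reservations,
# plus one wildcard entry covering the VM MAC pool.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]   $ComputerName = 'dhcp01.example.test',  # placeholder server name
    [string[]] $VmMacPattern = @('00-11-22-*-*-*'),    # placeholder VM pool prefix
    [switch]   $EnableAllowList                        # turn on Allow-list enforcement
)

# Strip separators and upper-case so 00:11:22..., 00-11-22... compare as equal.
function ConvertTo-NormalMac([string]$Mac) {
    ($Mac -replace '[^0-9A-Fa-f*]', '').ToUpperInvariant()
}

# Entries already present in the Allow list, keyed by normalized MAC.
$existing = @{}
Get-DhcpServerv4Filter -ComputerName $ComputerName -List Allow |
    ForEach-Object { $existing[(ConvertTo-NormalMac $_.MacAddress)] = $_.MacAddress }

# Desired entries: the wildcard pattern(s) and every reserved client ID.
$wanted = @()
foreach ($p in $VmMacPattern) {
    $wanted += [pscustomobject]@{ Mac = $p; Note = 'VM MAC pool (wildcard)' }
}
foreach ($scope in Get-DhcpServerv4Scope -ComputerName $ComputerName) {
    Get-DhcpServerv4Reservation -ComputerName $ComputerName -ScopeId $scope.ScopeId |
        ForEach-Object {
            $wanted += [pscustomobject]@{ Mac = $_.ClientId; Note = "Reservation $($_.IPAddress)" }
        }
}

# Add whatever is missing; -WhatIf previews without changing the server.
$wantedKeys = @{}
foreach ($w in $wanted) {
    $key = ConvertTo-NormalMac $w.Mac
    $wantedKeys[$key] = $true
    if ($existing.ContainsKey($key)) { continue }
    if ($PSCmdlet.ShouldProcess($w.Mac, 'Add to DHCP Allow filter list')) {
        Add-DhcpServerv4Filter -ComputerName $ComputerName -List Allow `
            -MacAddress $w.Mac -Description $w.Note
    }
}

# Report Allow entries that no reservation or pattern accounts for (review, then remove).
$existing.Keys | Where-Object { -not $wantedKeys.ContainsKey($_) } |
    ForEach-Object { Write-Warning "Allow entry with no reservation: $($existing[$_])" }

if ($EnableAllowList -and $PSCmdlet.ShouldProcess($ComputerName, 'Enable Allow filter list')) {
    Set-DhcpServerv4FilterList -ComputerName $ComputerName -Allow $true
}
```

Run it with `-WhatIf` first and review the proposed additions and the warnings before passing `-EnableAllowList`, since an enabled Allow list stops the server answering any MAC that is not on it.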
