Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DHCP Option 43 and 60

Solved
Captain
Getting noticed
2 weeks ago
2 weeks ago

DHCP Option 43 and 60

Dear Experts,

 

I am looking into allowing DHCP only to certain devices by their OUI to match my needs.

 

Though my NIC OUI is FC:34:97:xx:xx:xx with the following DHCP configuration below I am still getting DHCP. 

There's no other DHCP server on the network, but the MX.

 

How can I get it working? 

 

Is there a way to apply for an OUI range for example 

 00:00:01 to 00:00:02

 

Captain_0-1724833267236.png

Kind Regards,

C.

Labels:
0 Kudos
Subscribe
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

You won't be able to restrict the DHCP server to only responding to specific OUIs.

View solution in original post

0 Kudos
Subscribe
7 Replies 7
PhilipDAth
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

You won't be able to restrict the DHCP server to only responding to specific OUIs.

0 Kudos
Subscribe
Captain
Getting noticed
2 weeks ago
2 weeks ago

This is disappointing. 

Are there any plans for adding this security feature to the security appliance device?

 

 

0 Kudos
Subscribe
In response to Captain
PhilipDAth
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

You can use the "Give Feedback" option in the bottom right hand corner of the Dashboard page to request a feature (do it from the DHCP servers page).

PhilipDAth_0-1724842726927.png

 

But I think your chances are very slim.  This is the first time in 25 years I have had someone ask for this.

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

What you could do is create a new VLAN, and put all the devices with the OUIs you want into it, and then configure DHCP to service just that VLAN.

0 Kudos
Subscribe
In response to PhilipDAth
Captain
Getting noticed
2 weeks ago
2 weeks ago

The problem is that it is installed in an environment where someone might unplug our device and connect his device and get DHCP.

 

I'd like only for authorized devices to be able to pull dhcp.

 

 

 

 

0 Kudos
Subscribe
In response to Captain
PhilipDAth
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

In that case, create a firewall rule blocking all access.

 

Then for hosts you want to authorise - apply the built in group policy "Allow list" to override the firewall and grant access.

 

I think all devices will still be able to get a DHCP address - but unauthorized devices wont be able to send traffic across layer 3 interfaces.

 

PhilipDAth_0-1724875245694.png

 

Subscribe
In response to Captain
PhilipDAth
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

If you want something even tighter, then you could use 802.1x and a RADIUS server on the LAN ports, and actually authenticate each device (or you could do it by MAC address).  This method would prevent a client from being able to do DHCP until authenticated.

 

https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X)

 

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.