Dear Experts,
I am looking into allowing DHCP only to certain devices by their OUI to match my needs.
Though my NIC OUI is FC:34:97:xx:xx:xx with the following DHCP configuration below I am still getting DHCP.
There's no other DHCP server on the network, but the MX.
How can I get it working?
Is there a way to apply for an OUI range for example
00:00:01 to 00:00:02
Kind Regards,
C.
Solved! Go to solution.
You won't be able to restrict the DHCP server to only responding to specific OUIs.
You won't be able to restrict the DHCP server to only responding to specific OUIs.
This is disappointing.
Are there any plans for adding this security feature to the security appliance device?
You can use the "Give Feedback" option in the bottom right hand corner of the Dashboard page to request a feature (do it from the DHCP servers page).
But I think your chances are very slim. This is the first time in 25 years I have had someone ask for this.
What you could do is create a new VLAN, and put all the devices with the OUIs you want into it, and then configure DHCP to service just that VLAN.
The problem is that it is installed in an environment where someone might unplug our device and connect his device and get DHCP.
I'd like only for authorized devices to be able to pull dhcp.
In that case, create a firewall rule blocking all access.
Then for hosts you want to authorise - apply the built in group policy "Allow list" to override the firewall and grant access.
I think all devices will still be able to get a DHCP address - but unauthorized devices wont be able to send traffic across layer 3 interfaces.
If you want something even tighter, then you could use 802.1x and a RADIUS server on the LAN ports, and actually authenticate each device (or you could do it by MAC address). This method would prevent a client from being able to do DHCP until authenticated.
https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X)