Page tree


This chapter explains how to configure IPv4 DHCP filters. It contains the following sections:

About IPv4 DHCP Filters

To control how the appliance allocates IP v4 addresses, you can define DHCP filters and apply them to Grid, members, DHCP ranges, range templates, IPv4 network containers, IPv4 networks, shared networks, IPv4 network templates, IPv4 fixed addresses, IPv4 fixed address templates, IPv4 reservations, IPv4 reservation templates, and IPv4 host addresses. You can override filters set at an upper level and apply a new logic filter. Depending on your configuration, DHCP filters screen requesting clients by matching MAC addresses, relay agent identifiers, DHCP options, or DHCP fingerprints you define in the filters. If you configure DHCP servers in the Grid to send authentication requests to a RADIUS authentication server group, you can also filter requests by matching the authentication results. (For information about this feature, see Chapter 32, Authenticated DHCP.)
When you define DHCP filters, you classify DHCP clients based on the information provided by the clients or by the RADIUS server. When you apply filters to an address range, the appliance responds to your address requests based on your configuration. The appliance also decides which DHCP options to return to the matching clients based on how you apply the filters. For more information, see Applying Filters to DHCP Objects.
You can use filters to control address allocation based on your network requirements. For example, you can use DHCP filters to screen unmanaged hosts on a network by denying their address and option requests. If you have multiple DHCP address ranges on the same network and you want to assign IP addresses from specific address ranges to specific clients, you can use filters to screen the address assignments. For information, see IP Address Allocation.
The appliance supports the following filters:

  • MAC address filters: Use MAC addresses as matching criteria for granting or denying address requests. For information, see About MAC Address Filters.
  • Relay agent filters: Identify remote hosts by matching the relay agent identifiers in the DHCPDISCOVER messages. For information, see About Relay Agent Filters.
  • Option filters: Classify hosts by matching the DHCP options and values sent by the requesting hosts. For information, see About Option Filters.
  • DHCP fingerprint filter: Identify remote clients by matching the option number sequence or vendor ID sent in option 55 and 60 of the DHCP request against the DHCP fingerprints cached on the system. For information about DHCP fingerprint filters, see About DHCP Fingerprint Filters. For information about DHCP fingerprint detection, see DHCP Fingerprint Detection.
  • NAC filters: Use authentication results from a RADIUS authentication server group as matching criteria for granting or denying address requests. For information, see Chapter 32, Authenticated DHCP.

You can use MAC, option, and NAC filters to define DHCP options that matching clients can receive. Depending on how you apply a filter, all DHCP clients with matching criteria can receive all or some of the DHCP options defined in the filter. DHCP options defined for a matching filter supersede those defined at the Grid, member, network, and DHCP range levels. Options defined for a filter that is in the Class Filter List of an address range supersede those defined in the Logic Filter List. For more information about how the appliance returns options and how to apply DHCP filters, see Applying Filters to DHCP Objects.

  • No labels

This page has no comments.