Scope based Link Layer filtering using DHCP Policies

Here is a script that enables creation of a DHCP policy on a scope to allow or restrict access to clients based on their MAC address.

 
 
 
 
 
Networking
9/16/2012


  • 2 or more 'allow' policies
    1 Posts | Last post March 13, 2018
    • Hello! 
      We have one scope...and we'd like to allow certain MAC addresses to get x.x.101.1-x.x.101.20
      and another group of MAC addresses to get x.x.102.1-x.x.102.20
      
      Is this possible?
      1) can we have multiple allow groups
      2) can a script be used on various (allow) policies
  • Same error
    1 Posts | Last post March 18, 2015
    • PS C:\Mac> powershell.exe -executionpolicy bypass -file .\ScopeLevelMacFiltering.ps1 -ScopeId 192.168.102.0 -InputFileNa
      me .\MACDenyList.txt -IsAllow $True
      C:\Mac\ScopeLevelMacFiltering.ps1 : Cannot process argument transformation on parameter 'IsAllow'. Cannot convert
      value "System.String" to type "System.Boolean". Boolean parameters accept only Boolean values and numbers, such as
      $True, $False, 1 or 0.
          + CategoryInfo          : InvalidData: (:) [ScopeLevelMacFiltering.ps1], ParentContainsErrorRecordException
          + FullyQualifiedErrorId : ParameterArgumentTransformationError,ScopeLevelMacFiltering.ps1
      
      PS C:\Mac> powershell.exe -executionpolicy bypass -file .\ScopeLevelMacFiltering.ps1 -ScopeId 192.168.102.0 -InputFileNa
      me .\MACDenyList.txt -IsAllow 1
      C:\Mac\ScopeLevelMacFiltering.ps1 : Cannot process argument transformation on parameter 'IsAllow'. Cannot convert
      value "System.String" to type "System.Boolean". Boolean parameters accept only Boolean values and numbers, such as
      $True, $False, 1 or 0.
          + CategoryInfo          : InvalidData: (:) [ScopeLevelMacFiltering.ps1], ParentContainsErrorRecordException
          + FullyQualifiedErrorId : ParameterArgumentTransformationError,ScopeLevelMacFiltering.ps1
  • Script is Throwing Error
    2 Posts | Last post March 18, 2015
    • Dear Team,
      
      I am finding it difficult to run the script. Can you please help in resolving the issue?
      
      Below are a few of the errors:
      
      PS C:\Mac> powershell.exe -executionpolicy bypass -file C:\Mac\ScopeLevelMacFiltering.ps1 -scopeId 192.168.102.7 -InputF
      ileName "C:\Mac\MACDenyList.txt" -IsAllow $true
      C:\Mac\ScopeLevelMacFiltering.ps1 : Cannot process argument transformation on parameter 'IsAllow'. Cannot convert
      value "System.String" to type "System.Boolean". Boolean parameters accept only Boolean values and numbers, such as
      $True, $False, 1 or 0.
          + CategoryInfo          : InvalidData: (:) [ScopeLevelMacFiltering.ps1], ParentContainsErrorRecordException
          + FullyQualifiedErrorId : ParameterArgumentTransformationError,ScopeLevelMacFiltering.ps1
      
      PS C:\Mac> powershell.exe -executionpolicy bypass -file C:\Mac\ScopeLevelMacFiltering.ps1 -scopeId 192.168.102.7 -InputF
      ileName "C:\Mac\MACDenyList.txt"
      Add-DhcpServerv4Policy : Failed to create policy MAC-based policy: Allow list in scope 192.168.102.7 on server
      AGBLRDH01.
      At C:\Mac\ScopeLevelMacFiltering.ps1:76 char:5
      +     Add-DhcpServerv4Policy -Name $policyname -Description $description -ScopeId  ...
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : ObjectNotFound: (AGBLRDH01:root/Microsoft/...pServerv4Policy) [Add-DhcpServerv4Policy],
         CimException
          + FullyQualifiedErrorId : DHCP 20005,Add-DhcpServerv4Policy
      
      
      Thanks in Advance.
    • PS C:\Mac> powershell.exe -executionpolicy bypass -file .\ScopeLevelMacFiltering.ps1 -ScopeId 192.168.102.0 -InputFileNa
      me .\MACDenyList.txt -IsAllow $True
      C:\Mac\ScopeLevelMacFiltering.ps1 : Cannot process argument transformation on parameter 'IsAllow'. Cannot convert
      value "System.String" to type "System.Boolean". Boolean parameters accept only Boolean values and numbers, such as
      $True, $False, 1 or 0.
          + CategoryInfo          : InvalidData: (:) [ScopeLevelMacFiltering.ps1], ParentContainsErrorRecordException
          + FullyQualifiedErrorId : ParameterArgumentTransformationError,ScopeLevelMacFiltering.ps1
      
      PS C:\Mac> powershell.exe -executionpolicy bypass -file .\ScopeLevelMacFiltering.ps1 -ScopeId 192.168.102.0 -InputFileNa
      me .\MACDenyList.txt -IsAllow 1
      C:\Mac\ScopeLevelMacFiltering.ps1 : Cannot process argument transformation on parameter 'IsAllow'. Cannot convert
      value "System.String" to type "System.Boolean". Boolean parameters accept only Boolean values and numbers, such as
      $True, $False, 1 or 0.
          + CategoryInfo          : InvalidData: (:) [ScopeLevelMacFiltering.ps1], ParentContainsErrorRecordException
          + FullyQualifiedErrorId : ParameterArgumentTransformationError,ScopeLevelMacFiltering.ps1
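The `ParameterArgumentTransformationError` in the posts above is what a `[bool]` parameter produces when a script is started with `powershell.exe -File`: every argument reaches the script as a string. The following is an added example, not part of the original posts or the gallery script; `BoolParamDemo.ps1` is a constructed stand-in, and it assumes the real script declares `-IsAllow` as `[bool]`, as its error text indicates.

```powershell
# Constructed stand-in for the gallery script's parameter block.
# Assumption: -IsAllow is declared [bool], as the error text on this page indicates.
$demo = Join-Path $env:TEMP 'BoolParamDemo.ps1'
Set-Content -Path $demo -Value @'
param(
    [Parameter(Mandatory = $true)][string]$ScopeId,
    [bool]$IsAllow = $true
)
"ScopeId=$ScopeId IsAllow=$IsAllow ($($IsAllow.GetType().Name))"
'@

# 1) Reproduces the error: with -File the child process receives the text
#    "True" (or "1"), and a [bool] parameter does not accept a string.
powershell.exe -NoProfile -ExecutionPolicy Bypass -File $demo -ScopeId 192.168.102.0 -IsAllow $true

# 2) Works: -Command makes the child parse the line as PowerShell, so $true is
#    evaluated there as a Boolean. The backtick stops the calling shell from
#    expanding $true to the text "True" before it is passed on.
powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "& '$demo' -ScopeId 192.168.102.0 -IsAllow `$true"

# 3) Works: call the script from the current session, where $true is already a
#    Boolean (requires an execution policy that permits running the script).
& $demo -ScopeId 192.168.102.0 -IsAllow $true

Remove-Item $demo

# The same two working forms for the script on this page, typed at a PS prompt:
#   .\ScopeLevelMacFiltering.ps1 -ScopeId 192.168.102.0 -InputFileName .\MACDenyList.txt -IsAllow $true
#   powershell.exe -ExecutionPolicy Bypass -Command "& 'C:\Mac\ScopeLevelMacFiltering.ps1' -ScopeId 192.168.102.0 -InputFileName 'C:\Mac\MACDenyList.txt' -IsAllow `$true"
```

From `cmd.exe` or a scheduled task the backtick is not needed, because nothing expands `$true` before the child process sees it.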
  • Adjusting IP ranges to allow creation of 2 policies on 1 scope
    2 Posts | Last post November 09, 2014
    • Is it possible somehow to edit the start and end up range so that for example I can have:
      policy1: 10.10.1.1 - 10.10.2.254 = ABC
      policy2: 10.10.3.1 - 10.10.4.254 = XYZ
      
      Essentially I want to permit certain clients to either range but I get an error on the 2nd execution as the script uses the full range.
      
      I've run the script 1 time, adjusted the range (shortened) after.
      But cannot figure out how to edit this script to only use the 2nd half on the second execution.
    • Well, it was a bit of an oversight. Can just remove the range after the first execution / repeat as necessary, then modify the ranges as you wish afterwards.
  • Adding additional MAC Addresses to existing List
    1 Posts | Last post June 03, 2014
    • Hi,
      
      It is exactly what I needed, thanks.
      After adding the MAC addresses (about 200) from a list, how can I add additional MAC addresses with this or native PowerShell? When using the script twice, it is deleting the existing addresses and replacing them with the new list!?
      
      Best Regards,
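The policy questions in the threads above (two allow groups in one scope, a separate IP range per policy, and adding MAC addresses without replacing the existing list) can be handled with the DhcpServer module's own cmdlets. This is an added example, not the gallery script; the scope ID, policy names, ranges and MAC addresses are constructed, `Add-MacToPolicy` is a hypothetical helper, and it assumes the existing policy uses only `EQ` conditions.

```powershell
Import-Module DhcpServer   # DHCP Server role or RSAT, Windows Server 2012 or later

$scopeId = '10.10.0.0'     # constructed scope; the ranges below must lie inside it

# Constructed sample groups: policy name, its IP range and its allowed MACs.
$groups = @(
    @{ Name = 'ABC'; First = '10.10.1.1'; Last = '10.10.2.254'
       Macs = '00-1F-3B-7C-B7-89', '00-1F-3B-7C-B7-8A' },
    @{ Name = 'XYZ'; First = '10.10.3.1'; Last = '10.10.4.254'
       Macs = '00-25-64-AA-10-01' }
)

foreach ($g in $groups) {
    # One policy per group; OR means any listed MAC address matches the policy.
    Add-DhcpServerv4Policy -ScopeId $scopeId -Name $g.Name -Condition OR `
        -MacAddress (@('EQ') + $g.Macs)
    # Give each policy its own, non-overlapping slice of the scope. A policy that
    # already holds the full scope range needs that range removed first with
    # Remove-DhcpServerv4PolicyIPRange.
    Add-DhcpServerv4PolicyIPRange -ScopeId $scopeId -Name $g.Name `
        -StartRange $g.First -EndRange $g.Last
}

# Hypothetical helper: merge new MACs into a policy instead of overwriting it.
function Add-MacToPolicy {
    param([string]$ScopeId, [string]$Name, [string[]]$NewMac)
    $policy = Get-DhcpServerv4Policy -ScopeId $ScopeId -Name $Name -ErrorAction Stop
    # Keep what is already there; drop operator tokens if the list contains them.
    $current = @($policy.MacAddress | Where-Object { $_ -and $_ -notin 'EQ', 'NE' })
    $merged  = @($current + $NewMac | Sort-Object -Unique)
    Set-DhcpServerv4Policy -ScopeId $ScopeId -Name $Name -MacAddress (@('EQ') + $merged)
}

Add-MacToPolicy -ScopeId $scopeId -Name 'ABC' -NewMac '00-1F-3B-7C-B7-8B'
Get-DhcpServerv4Policy -ScopeId $scopeId | Format-Table Name, ProcessingOrder, MacAddress
```

Clients that match neither policy still lease from the part of the scope outside both policy ranges, and a MAC address is a client-supplied value, so this controls address assignment rather than network access.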