Announcement

We use a bogus DHCP range for this purpose, the phones don't really do anything in this initial range, just get the 156 options to reboot in the right VLAN and get a DHCP adress there.

Even if someone plugs in a PC, they will get an IP that cannot be used to access anything in the network.

Alternatively you could, depending on your switches, use port security to only allowed specified MAC's on a certain port.

DHCP Server Callout MAC Address Filter

There is a bolt on dll for Microsoft DHCP Server that looks like it will do what you need. :rockon:
Marketing propaganda is here:
Microsoft Windows DHCP Team Blog : DHCP Server Callout DLL for MAC Address based filtering

The download for the dll file is here:


:nuke:This is dangerous:nuke:
If you are not absolutely comfortable working with Windows Server, and DHCP step away from the keyboard now. You could also do some serious damage if you think you know what you are doing, but in fact, don't. If you screw it up, I charge UKP 700 per day plus expenses.

You will need to provide a text file which contains a list of MAC addresses, you need to give the whole mac address, no wildcards unfortunately. Luckily ShoreTel IP Phones have a barcode on them which contains the mac address so you can scan all your phones into a spreadsheet and dump this into the text file.
If you are in the rollout phase, the cartons containing the phones have the barcodes on a label on the outside of the box (if the disty hasn't stuck some crap over it) so you can gather the mac addresses without even having to unbox the phones. Having a barcode reader will take about 10 seconds per carton or faster to record all the mac addresses. If you don't have a barcode reader you should probably get one now or give up. If you miskey the mac address by typing it in manually, the phone will not get it's IP address.

If you have already got phones deployed you can obtain the list of macs from the IP Phones section in Shoreware Director. You can also get them from the DHCP server the same way as described below.

You will probably also want to add your existing DHCP clients to the list as well otherwise DHCP is going to ignore them from now on.
To get a list of all the non ShoreTel mac addresses that are already registered on DHCP run the following command at a prompt on the DHCP Server.

(Obviously you will need to adjust the scope ip address to suit your own network)
The file dhcpexport.txt will then contain a list of all the IP addresses and MAC addresses which you can massage in Excel to add to the callout dll configuration file.

If you prefer to use a mouse, then you can obtain a list of the DHCP leases by opening up your DHCP manager:
Expand the server
Expand the Scope
Right click on the Address Leases and select Export List.

again you will need to massage the output in Excel to make the text file for the callout dll.

The text file will look like this:
MAC Address List File Format
 File should contain action followed by MAC address list as show in below
#MACList.txt
MAC_ACTION = {ALLOW}
#List of MAC Addresses:
000a0c0d1254 #lab-server1
000d0c4a6723 #lab-server2

The documentation that comes with the Callout DLLthoughtfully neglected to include outside installation file so the only way to read it is to install the dll on your working DHCP server. I will attempt to host the doc somwhere and add a link on this thread at a later time.

Here is the doc
SetupDHCPMacFilter - Google Docs