Allow DHCP Reservation List System to not allow any devices not on the list

Basically, my Balance 20X & SOHO’s allow any device plugged into the network to get an IP address on the network or VLAN, or to operate if it has a static IP address within the correct range, and I don’t see any way to stop that. One way would be for the router to not recognize anything not on the DHCP Reservation List. Don’t assign it an IP address if it requests one, and don’t route any traffic if it has a static IP address unless its MAC Address matches the one assigned to that IP address. In some sense, this would be the equivalent of having a MAC Address based “Allow List”.

You can probably do much of what you want by using the existing firewall. For example, on a 20X if you go to Advanced → Firewall → Access Rules → Outbound Firewall Rules you can add authorized devices by MAC or IP address and prohibit outbound connections from everything else. You can do the same thing with Internal Network Firewall Rules. One can also make it a bit more challenging for novices by turning off DHCP.

I don’t really see a practical way to do that with internal firewall rules. For the 60+ clients on my Balance 20X it looks to me like I’d need to make 60+ “allow” rules. Is there some way I’m not seeing to tie a rule to a MAC Address list so I don’t need to make a rule per device?

The system I’m dealing with has 3 VLANs plus the untagged VLAN (so 4 VLANs total), each with its own IP reservation list. In an ideal world, I’d effectively have a separate MAC Address based “Allow List” for each VLAN.
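
The per-VLAN check requested above (MAC must be on that VLAN's reservation list and must hold the IP reserved for it), sketched as an offline audit. This is an added example, not part of any post and not a Peplink feature; the VLAN names, MAC/IP values, verdict labels and function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: per-VLAN reservation lists (MAC -> reserved IP).
RESERVATIONS = {
    "untagged": {"aa:bb:cc:00:00:01": "192.168.1.10"},
    "vlan10": {"aa:bb:cc:00:10:01": "192.168.10.10",
               "aa:bb:cc:00:10:02": "192.168.10.11"},
}

# Constructed sample of observed clients (VLAN, MAC, IP), e.g. copied from a client list.
OBSERVED = [
    ("vlan10", "AA-BB-CC-00-10-01", "192.168.10.10"),   # matches its reservation
    ("vlan10", "aa:bb:cc:00:10:02", "192.168.10.50"),   # listed MAC, different static IP
    ("vlan10", "de:ad:be:ef:00:01", "192.168.10.11"),   # unlisted MAC on a reserved IP
    ("untagged", "aa:bb:cc:00:10:01", "192.168.1.77"),  # MAC reserved on another VLAN
    ("untagged", "de:ad:be:ef:00:02", "192.168.1.99"),  # not on any list
]

def norm_mac(mac):
    """Normalise a MAC to lowercase colon-separated form so lists compare reliably."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify(vlan, mac, ip, reservations=RESERVATIONS):
    """Compare one observed client against the reservation list of its VLAN."""
    mac = norm_mac(mac)
    ip = str(ipaddress.ip_address(ip))  # also rejects malformed addresses
    table = {norm_mac(m): a for m, a in reservations.get(vlan, {}).items()}
    if mac in table:
        return "allowed" if table[mac] == ip else "ip-mismatch"
    if ip in table.values():
        return "reserved-ip-wrong-mac"
    for other, entries in reservations.items():
        if other != vlan and mac in {norm_mac(m) for m in entries}:
            return "wrong-vlan"
    return "unknown-device"

def audit(observed=OBSERVED):
    """Return (vlan, mac, ip, verdict) for every client that is not allowed."""
    rows = [(v, norm_mac(m), i, classify(v, m, i)) for v, m, i in observed]
    return [r for r in rows if r[3] != "allowed"]

if __name__ == "__main__":
    for vlan, mac, ip, verdict in audit():
        print(f"{vlan:9} {mac} {ip:15} {verdict}")
```

A match only shows that the MAC/IP pair is on the list; MAC addresses are client-settable, so the result is inventory hygiene rather than device authentication.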

If you use ic2 you can set up an acl (access control list) of
