DHCP filter by MAC vendor (first octets)

As an alternative, how about supporting a MAC range on the internal firewall?

1 Like

@Jonathan_Pitts

DHCP filter by MAC vendor is still in the feature request list. It’s not included yet in firmware 8.1.0. Very sorry for the delay; the Engineering team will further consider the feasibility and hopes it can be included in future firmware.

The firewall is mainly used to block layer 3 traffic, while DHCP is layer 2 broadcast traffic. The firewall won’t be able to block such traffic.

1 Like

Thanks for the update.

1 Like

Let me describe this another way - instead of saying “filter by mac vendor”, look at it as “wildcard entries in mac address filtering”
i.e. I want to allow
80:5E:C0:**:**:** (yealink phones)
9C:8E:CD:2*:**:** (a specific line of cameras from one vendor)
88:83:5D:91:DD:0D (one specific device)

So - any other device simply gets no response from the DHCP server.
Like basic firewall rules - right now the “default rule” is “allow anything to get an IP via DHCP”.
The new mode activates a “deny all” and you add allow and deny rules.
To reiterate why - I just did an install involving an untagged subnet for the POS stations, wifi for POS stations on same subnet, a subnet for public wifi, another subnet for phones and another for cameras, TVs and SONOS speakers, attached by wired and wifi.

So - POS and phones are allowed to use cellular. Public wifi and the TVs and cameras are not.
Within days of the install I noticed 8 TVs sitting on the POS subnet, because some nimrod moved a cable and reset the TVs. If they had gone on cellular those TVs would have been pulling 2-3G per hour. Since we use the usage limit Peplink added at our request, damage would have been limited to maybe 10G before caught, but that would result in what to the customer is an “outage” because phones and POS would go down.

With this request we could limit the untagged subnet to the POS stations and phones. Plug in a TV? Nothing happens.

2 Likes
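The allow/deny evaluation requested in the post above, sketched as an added example (not Peplink code and not from the original thread). It assumes `*` stands for one hex digit and that the first matching rule wins; the function names and the test MACs are constructed for illustration.

```python
import re

# Patterns are the three from the post; '*' matches one hex digit,
# so "2*" covers 20 through 2F. The rule list itself is hypothetical.
RULES = [
    ("allow", "80:5E:C0:**:**:**"),  # Yealink phones
    ("allow", "9C:8E:CD:2*:**:**"),  # one camera line from one vendor
    ("allow", "88:83:5D:91:DD:0D"),  # one specific device
]
DEFAULT_ACTION = "deny"  # the requested "deny all" mode

_MAC = re.compile(r"[0-9A-F]{12}")
_PATTERN = re.compile(r"[0-9A-F*]{12}")


def normalize(text, shape):
    """Drop ':', '-' and '.' separators, upper-case, reject anything else."""
    digits = re.sub(r"[:.\-]", "", text).upper()
    if not shape.fullmatch(digits):
        raise ValueError(f"not a 48-bit MAC or pattern: {text!r}")
    return digits


def matches(pattern, mac):
    """Compare nibble by nibble; a '*' in the pattern accepts any digit."""
    p = normalize(pattern, _PATTERN)
    m = normalize(mac, _MAC)
    return all(pc == "*" or pc == mc for pc, mc in zip(p, m))


def dhcp_decision(mac, rules=RULES, default=DEFAULT_ACTION):
    """Return 'allow' or 'deny' for a client MAC (assumed first match wins)."""
    try:
        for action, pattern in rules:
            if matches(pattern, mac):
                return action
    except ValueError:
        return "deny"  # malformed input fails closed
    return default


if __name__ == "__main__":
    # Constructed client MACs: a phone, an out-of-range camera, a TV.
    for mac in ("80:5e:c0:12:34:56", "9C:8E:CD:3A:00:01", "00:11:22:33:44:55"):
        print(mac, dhcp_decision(mac))
```

A filter like this keeps misplaced devices such as the TVs off the subnet; because a client chooses the MAC it presents, it does not authenticate the device.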