Is it possible to white list MAC addresses and block all other internet use?


#1

I’m using Pepwave Max Br1 Mini LTE routers for M2M internet over Ethernet cables. My concern is that someone will unplug an Ethernet cable and plug it into their laptop and have access to the internet. Is it possible to block all other MAC addresses outside of the ones we have allowed?


#2

You could do this with outbound firewall rules. Write a rule allowing each of the permitted MAC addresses. Then a final rule blocking everything. This would be cumbersome if you have a lot of devices.
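
The rule ordering described in the reply above, as an added example that is not part of the thread and is not Peplink's configuration format: it builds one allow rule per permitted MAC address followed by a final deny-all, then evaluates the list. The function names, the rule dictionaries, the sample addresses and the top-down first-match evaluation are all assumptions made for illustration.

```python
import re

# Constructed sample allowlist in mixed notations (not real devices).
ALLOWED = ["00:1A:2B:3C:4D:5E", "00-1a-2b-3c-4d-5f",
           "001a.2b3c.4d60", "00:1a:2b:3c:4d:5e"]  # last entry is a duplicate

def normalize_mac(mac):
    """Return a MAC as lowercase colon-separated hex; raise ValueError if malformed."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    if int(digits[:2], 16) & 1:
        # Group bit set: multicast/broadcast, never a valid source address.
        raise ValueError(f"multicast address cannot be a source: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_rules(allowed):
    """One allow rule per unique MAC, in input order, then a final deny-all."""
    seen = []
    for mac in allowed:
        norm = normalize_mac(mac)
        if norm not in seen:
            seen.append(norm)
    rules = [{"action": "allow", "src_mac": m} for m in seen]
    rules.append({"action": "deny", "src_mac": "any"})
    return rules

def evaluate(rules, src_mac):
    """Assumed semantics: first matching rule wins; no match at all is a deny."""
    src = normalize_mac(src_mac)
    for rule in rules:
        if rule["src_mac"] in ("any", src):
            return rule["action"]
    return "deny"

if __name__ == "__main__":
    rules = build_rules(ALLOWED)
    for rule in rules:
        print(rule["action"], rule["src_mac"])
    print(evaluate(rules, "001A.2B3C.4D5F"))     # permitted device
    print(evaluate(rules, "AC-DE-48-00-11-22"))  # unknown laptop
```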


#3

Hi @johnnymckenna,

You could also create DHCP reservations for the MAC addresses you want to allow; in theory, then, any other MAC address would not receive a DHCP IP address. I’ve given an example here:-

Hope this helps,

Steve


#4

I do this with captive portal. White list the MAC addresses as ‘Allowed Clients’. Create a page on your website that simply says ‘access blocked’, then set the captive portal splash page to that page’s URL.

Since your splash page doesn’t have the authentication or response code in it, captive portal users that are not on the white list can never get past the splash page.

For more complex requirements - like when you have multiple routers / APs that a device can need access to across locations, you can use IC2 captive portal and centrally manage the list of MAC addresses. I use token access mode then don’t generate the tokens.


#5

This is the route I ended up taking and it seems to be working for my specific application. Thank you for the response!


#6

Thank you for the response Martin! I’ll keep this in mind for future use.


#7

I tried that but unfortunately, it didn’t work. I’m not sure why though.