Limit Bandwidth by Client MAC

netguy · January 20, 2016, 2:42am

Hello All,

Is is possible to limit bandwidth by client MAC address?

~eric

Tim_S · January 20, 2016, 4:10am

With the User Group Bandwidth Control feature you can do this via IP address but not MAC address.

netguy · January 20, 2016, 4:48am

Ah, with DHCP this would be tough. Sometimes that are rogue individual users hogging bandwidth and I only want to limit them. Maybe a feature request?

Tim_S · January 20, 2016, 4:52am

Sure, I will move this thread over to the feature requests.

netguy · January 20, 2016, 4:54am

Super, thanks.

~eric

Michael234 · January 21, 2016, 1:40am

I would think this could be done in a round-about way. That is, after a bad MAC address has been assigned an IP address, force the DNS server to always give the same IP address to that MAC address. Then put a lasso around that IP address.

Different routers have different names for this, Peplink calls DHCP Reservation. Permanently linking a MAC address to an IP address is a common DNS server feature.

OUTsider · February 26, 2016, 6:33pm

Sorry, but dns has nothing to do with dhcp reservation, unless you are talking about assigning a **hostname **in the assignment instead of an ip. (which is an isc-dhcp server feature in fixed-address). As far as I know (tested on balance 305), this is not allowed (yet).

What you (and probably others) are looking for is strict binding mac to ip

sitloongs · February 28, 2016, 11:06am

Hi,

As discussed earlier, bandwidth control only work on IP address. What Michael234 suggest will be the work around for bandwidth control by MAC address.

What Michael234 suggest will be using the DHCP reservation to force known clients/servers using the dedicated IP address. Then you can group those IP under separate bandwidth limit group.

For more information, please refer to the screenshots as below:

DHCP Reservation:

User group:

Bandwidth control:

Thank You

OUTsider · February 28, 2016, 3:49pm

Yes, but this still does not prevent abuse from people who define a static ip setting instead of using dhcp. Hence, strict bind ip to mac option, e.g. if mac is in the reserved dhcp list, only allow that specific mac with that specific ip to use the wan.

@Michael234: Check if you have a managed switch and perhaps perform mac locking through there instead? Options like Port Security might help you.

sitloongs · February 28, 2016, 6:16pm

Hi,

This can be block by using firewall access rules (MAC address).

Thank You

OUTsider · February 28, 2016, 6:39pm

sure, do pepdevices allow the addition of millions of mac addresses (or at least MAC with wildcards to be more vendor specific) just to keep everything we do want to allow blocked ?
And besides, we are talking about a MAC ALLOW list, not a MAC Deny list.

Please do me a favour and read exactly what we request, and do not blindly assume we are talking about something else.

Again, the client wants to be able to limit bandwidth per MAC, since this is not possible since bandwidth limiting is IP based, the topic went a bit offtopic by mentioning strict ip binding, and thats NOT possible on the peplink/pepwave, you try to work around the issue by mentioning firewalling issues, specifically the block feature, for this you need to know all MAC’s in advance before even being able to block those.
Doing the reverse, accepting only mac’s in the firewall that are allowed in the network presents another issue with flexibility (people would need to register with the sysadmin prior to being allowed to connect to the wan)

And then there would be the security issue of lan devices spoofing a wifi device’s mac etc

TK_Liew · February 28, 2016, 7:04pm

Hi,

Limit bandwidth by MAC address is not supported. We definitely will look into this since this is a feature request.

Michael and Sit Loong is providing an immediate workaround for those have this concern.

Your points are well noted and we do appreciate that.

Thank you for your suggestion.