Customers have requested a feature be added for the functionality to block specific MAC addresses from being provided access to the network, a block on specific MAC addresses.
It seems that there are some folks that would like to do “bad” things when given the opportunity :mad: and the administrators trying to protect the network and provide stability to “legitimate” users would like to more easily thwart these “evil” folks from being allowed to connect to the network. There are some “work-arounds” to accomplish a similar result, however, it is more complicated than it “needs to be.”
Please thoughtfully consider adding the ability to easily block a given MAC address from accessing the network (LAN) much like other networking devices allow. Adding this functionality to the “road map” for future releases of firmware enhancements would be very helpful.
Another thread posted in these forums regarding this feature request can be referenced here.
Thank you kindly, forum community, for your input and to the Peplink team for thoughtfully considering community input.
Thanks Jeff for this post! Yes this is a vitally needed feature that many of our clients using Peplinks in the hospitality industry (hotels/motels guest lodging facilities) really need as it only takes one bad apple to spoil the barrel. A quick blocking feature accessible from the Peplink/Status/Clients page would give admins the ability to quickly remove those who are trying to abuse the system. This feature is already available on many low-end Netgear and Cradlepoint routers and should not be difficult to implement. Thanks for your consideration and hope this feature becomes available soon! Regards, Daren
You don’t need to have “Event Logging” unless you want to manually access the device logs to see if it is doing what you expect and how frequently the MAC address is being blocked.
Happy to Help,
Marcus
I’d love to see this as a single click in the GUI, block a given device.
But really, when we’ve got a rogue or suspect device, I generally want more. I’d like to monitor that given device for a while, see what bandwidth it’s using, see a list of (non-https) domains looked up, and the like. Basically ask the question: what is this device doing on the network?
For decent firewall rules / per se outbound rules on a firewall I normally look for the ability to be able to work with users/devices and groups of users/devices amongst others.
I would therefore look for the ability to create a group of MAC addresses (or group of users) that then in the outbound policies I can apply to a rule (i.e. in the source of the outbound policy also have the choice of selecting a group (or user)).
Here is an example from the GFI Kerio Firewall which for me is a clean nice overview.
It shows the source (a specific IP address | a group of IP addresses | a subnet | or a group of users/devices), then it shows the destination (here any internet interface, but could be again same as in source… specific IP, group of IPs, a different subnet, etc). It then shows the NATting used, service, permission and when last time this rule was used…
Often we have to remember that it’s not always a user, but often a device that we need to route!
Yes, you can do that. IP addresses/networks can be added to “Grouped Network” entries and MAC addresses can be added to “Access Control List” entries and those items can be referred to by name from Outbound Policy/Firewall rules.