Physical LAN port security via MAC filter

I’ve had this from a customer, the ability to have mac filtering applied to the physical LAN interface. EG: specify client devices allowed to connect by MAC address (same as you can on the wireless but on the physical LAN port itself)

Hi Chris,

Possible to explain more why you need to apply MAC filtering to the physical LAN interface ? Any specific requirement for that ?

Thank You

have the ability to allow only fixed devices to access the internet/vpn/whatever goes through that device would be my guess


Firewall access rules can control access the mention traffics. For more information, please refer to the screenshot below:

Outbound Firewall Rules
For every new outbound IP session (i.e. sessions going to WAN side), rules will be matched from the top to bottom. The matching process stops when a rule is found to be matched.

Internal Network Firewall Rules
For every new internal network IP session (i.e. sessions between LAN / VLAN / Static route networks / PepVPN networks / IPsec networks / L2TP with IPsec clients / PPTP clients), rules will be matched from top to bottom. The matching process stops when a rule is found to be matched.

Thank You

spot on, as per Cisco devices where LAN access can be locked down to a specific or list of macs, also its already on the AP interface config to lock down by mac.

Hi Chris,

Believe you are referring to “Port Security” on Cisco product. I do agree this feature should be available on switch or AP which facing to client directly. However, Balance or Max are gateway devices, firewall rule with MAC filtering will be more appropriate.

Thank you for your suggestion.

Is there an option to use this MAC firewall filtering for specific range, list etc., of MAC addresses?


@anzez, if you are aiming to restrict the Wi-Fi clients, you may want to take a look at the Access Control Settings under the Wireless SSID settings page.

I am looking for a solution on a LAN Ethernet ports.

Kind regards

@anzez, do you mind sharing a little more of your deployment use case with us?

We would need 802.1x on MAX BR1 5G, but I am looking for a workaround.

@anzez, the feature has been submitted to Engineering Team to further review. We will share more when there is an update available.