Physical LAN port security via MAC filter


#1

I’ve had this from a customer: the ability to have MAC filtering applied to the physical LAN interface, e.g. specify client devices allowed to connect by MAC address (the same as you can on the wireless, but on the physical LAN port itself).


#2

Hi Chris,

Is it possible to explain more about why you need to apply MAC filtering to the physical LAN interface? Any specific requirement for that?

Thank You


#3

Having the ability to allow only fixed devices to access the internet/VPN/whatever goes through that device would be my guess.


#4

Hi,

Firewall access rules can control access for the mentioned traffic. For more information, please refer to the screenshot below:


Outbound Firewall Rules
For every new outbound IP session (i.e. sessions going to WAN side), rules will be matched from the top to bottom. The matching process stops when a rule is found to be matched.

Internal Network Firewall Rules
For every new internal network IP session (i.e. sessions between LAN / VLAN / Static route networks / PepVPN networks / IPsec networks / L2TP with IPsec clients / PPTP clients), rules will be matched from top to bottom. The matching process stops when a rule is found to be matched.

Thank You
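
The top-to-bottom, first-match behaviour quoted in post #4, as an added example that is not part of the thread or the vendor's own code: a MAC allowlist written as allow rules followed by a catch-all deny, plus a check for rules that can never match. The rule fields, the fallback used when no rule matches, and the MAC addresses are constructed assumptions.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str
    src_mac: str   # "any" or a source MAC address (hypothetical rule field)
    action: str    # "allow" or "deny"

def norm(mac: str) -> str:
    """Normalise MAC notation so 02-00-..-0A and 02:00:..:0a compare equal."""
    return mac.lower().replace("-", ":")

def evaluate(rules, src_mac, default="allow"):
    """Walk the rules top to bottom and stop at the first match.
    `default` is an assumption: the page does not state the fallback."""
    for r in rules:
        if r.src_mac == ANY or norm(r.src_mac) == norm(src_mac):
            return r.action, r.name
    return default, "default"

def shadowed(rules):
    """Names of rules that can never match because an earlier rule
    with the same MAC, or an earlier catch-all, always matches first."""
    seen, catch_all, out = set(), False, []
    for r in rules:
        key = ANY if r.src_mac == ANY else norm(r.src_mac)
        if catch_all or key in seen:
            out.append(r.name)
        catch_all = catch_all or key == ANY
        seen.add(key)
    return out

# Constructed sample: two permitted wired devices, everything else denied.
ALLOWLIST = [
    Rule("printer", "02:00:00:00:00:01", "allow"),
    Rule("kiosk", "02:00:00:00:00:0a", "allow"),
    Rule("deny-rest", ANY, "deny"),
]
# Same rules with the catch-all on top: the allow rules become unreachable.
MISORDERED = [ALLOWLIST[2], ALLOWLIST[0], ALLOWLIST[1]]

if __name__ == "__main__":
    for mac in ("02-00-00-00-00-0A", "02:00:00:00:00:99"):
        print(mac, evaluate(ALLOWLIST, mac), evaluate(MISORDERED, mac))
    print("shadowed in MISORDERED:", shadowed(MISORDERED))
```

A source MAC is a value the client reports about itself and can be changed on the client, so a rule set like this restricts which devices are expected on the port rather than authenticating them.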


#5

Spot on, as per Cisco devices where LAN access can be locked down to a specific MAC or a list of MACs. Also, it's already on the AP interface config to lock down by MAC.


#6

Hi Chris,

I believe you are referring to “Port Security” on Cisco products. I do agree this feature should be available on a switch or AP which faces clients directly. However, Balance or Max are gateway devices; a firewall rule with MAC filtering will be more appropriate.

Thank you for your suggestion.