PoE and Lock LAN Ports


#1
  1. Have the ability on Balance 20-380 to have a minimum of 1 PoE port for an AP.

  2. Have the ability to lock down all LAN ports on Balance devices. The reason is that I went out to a customer to take a look at a few things, and when I went back to the server room I found their IT plugged directly into the only LAN port left on our Balance One, and he was watching YouTube tutorial videos on something Cisco. Sucking the bandwidth for the VoIP network!!!

Thanks


#2

Hi,

Thanks for the suggestion. PoE on a LAN port is understandable. The product team will take it into consideration.

For the ability to lock down all LAN ports, I suggest using the Outbound Firewall with source MAC address. This should achieve your requirement.

Hope this helps.


#3

Since there is no way for the Balance device to send a notification when a foreign MAC address pops up in the client list, how would I ever know right away to go in and make outbound firewall settings? Plus, that would be extremely time consuming since we have around 250-300 Balance devices in the field. It’s more of an overall security feature in my eyes. I can lock down any ports on our switches but not the possibly open LAN ports on the Balance device. That alone I feel is a security issue, unless I’m missing something.

What’s to stop a rogue IT person who is trying to sabotage the phone system so that they can have a higher chance of bringing in another service because they get a kickback? Trust me, it’s attempted, but most are bad at covering up their tracks.

If you’re saying that your new 6.3.x firmware will have port-based VLAN, then in theory shouldn’t we be able to shut off the DHCP server per LAN port and, whatever we decide to make the gateway IP, just block all outbound firewall traffic for that? If that’s the case, then that’s more what I’m looking for.


#4

Hi,

IP phones, users —> Firewall —> Balance router —> Internet

If your network design is as above, you may whitelist the firewall MAC address only via an Outbound Firewall Rule.

IP phones, users —> Balance router —> Internet

If your network design is as above, you may apply QoS to prioritize VoIP traffic via Network > Application. You may configure Bandwidth Control for VoIP and data traffic as well (you need to split VoIP and data traffic into different VLANs). This will help in your current situation.


#5

And that’s great in terms of the MAC address white-listing for the outbound policy, but it’s too bad I have 85 Polycom SoundPoint IP Phones on the network and I would have to create 85 outbound policies, which is insane!

It would be cool if, say, you had a drop down to manually type in as many MAC addresses or IP addresses as are needed, so as to only create 1 outbound policy.

What would be even more cool for someone like me is if you had that same drop down to manually enter MACs or IPs but we were able to enter the first 5-6 numbers or letters, say of the MAC address of the phones. Most if not all Polycom phones, for example, start with a MAC of “0004f2”. So instead of manually entering every MAC address, you would enter the first “0004f2” and the router would recognize this sequence of MAC addresses.

I understand that the reason for this request is something that doesn’t typically happen, but it does happen. It’s not like people are going to start to ease up on finding ways to screw things up and make life harder than it needs to be.
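
The prefix match asked for in post #5, applied to the foreign-MAC question from post #3, as an added example that is not part of the original thread and not a Peplink feature or API. The client-list text format, the sample rows and the one extra allowed MAC are constructed assumptions; only the "0004f2" prefix comes from the thread.

```python
import re

ALLOWED_OUIS = {"0004f2"}        # phone prefix quoted in the thread
ALLOWED_MACS = {"001a8c102030"}  # constructed: one extra trusted device

# Constructed sample of an exported client list: "<ip> <mac> <name>"
SAMPLE_CLIENTS = """\
192.168.50.11 00:04:F2:1A:2B:3C polycom-101
192.168.50.12 0004.f2aa.bb01 polycom-102
192.168.50.1  00-1A-8C-10-20-30 firewall
192.168.50.77 3C:52:82:0D:EE:01 laptop
192.168.50.78 02:04:f2:00:00:01 unknown
192.168.50.79 not-a-mac broken
"""

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a MAC."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def classify(raw, ouis=ALLOWED_OUIS, macs=ALLOWED_MACS):
    """Label one address: allowed, foreign, foreign-local or malformed."""
    mac = normalize_mac(raw)
    if mac is None:
        return "malformed"
    if mac in macs or mac[:6] in ouis:
        return "allowed"
    # Bit 0x02 of the first octet marks a locally administered address,
    # i.e. one that was not assigned from a vendor OUI block.
    if int(mac[:2], 16) & 0x02:
        return "foreign-local"
    return "foreign"

def audit(client_list):
    """Return (ip, mac, verdict) for every client that is not allowed."""
    findings = []
    for line in client_list.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        verdict = classify(parts[1])
        if verdict != "allowed":
            findings.append((parts[0], parts[1], verdict))
    return findings

if __name__ == "__main__":
    for ip, mac, verdict in audit(SAMPLE_CLIENTS):
        print(f"{verdict:14} {ip:15} {mac}")
```

A prefix or MAC match identifies a device but does not authenticate it, because the address is set by the client itself.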