mac-filtering on switch
Ally Member
Hi.
Where do we set the mac-filtering on the switch port to only allow one particular mac-address to be connected to the switch?
All Replies
-
Hi @FrankIversen ,
We are still evaluating the MAC-filtering feature on Nebula Switch.
I will move this post to idea section.
Thanks.
Jason0 -
does a nsg-50 firewall support this?
we need to be able to secure on mac-addresses at same end-station where there is no people located on daily basis.
0 -
Hi @FrankIversen ,
NSG series do not support MAC address filtering, it's usually not implement on the layer 3 device, but in layer 2, so will evaluate it on switch.?
/Chris
Chris
0 -
agh.. so we can not use nebula equipment at remote location where we want this security i guess..
1 -
+1 for Mac filtering and port security on Nebula switches.
I had a similar situation some time ago...At the end what I did was to setup a virtual machine with window server, setup a Radius server and use the Radius policy on switch ports to allow mac authentication on those ports. Hopefully it is also useful for you!
"You will never walk along"0 -
+1 for this feature. (P.S. It seems for example Unifi Switches doesn't have this option as well, this would be another reason to change our whole infrastructure to Zyxel :P).
I also tried to use radius authentication for mac based authentication. This seems to work however the NPS/Freeradius server doesn't get the right NPS-Identifier. I would expect the NPS Identifier to be the name of the policy I setup in the Nebula Cloud (in my case "Auth50" and "Auth100") however the NPS Identifier is GS1920, which isn't helpful at all if you want to distinguish between differentports.
For example I only want group "One" to be able to authenticate with port 1 and group "Two" with port 2. Currently I cannot distinguish in the Freeradius server if the user with the mac address is connected to port 1 or 2. I think this is a design flaw. In standalone mode you had the "Name prefix" option which adds a prefix to the username (mac), but this also doesn't seem to be possible with Nebula cloud.
The information is pretty useless, the server doesn't know from which of the 10 GS1920 the request was sent. I think the policy name as "NAS Identifier" would be the best option.
0 -
Hi @Waishon,
Thanks for your advisement, we will look into your case. Our original design is for the users who have one RADIUS server in the environment to make it simple.
Will let you know if we have any update on this feature.
Thanks and your feedback means lot to us
0 -
Hi ,im looking for this featue too. We have an hospitality customer and want to mac filter to IPTV only per port.
0 -
+1 for Mac filtering and port security on Nebula switches.
0 -
Hi, Also interested in this feature. Are Zyxel making any progress with it?
It's almost there. I can go to Switch > Clients > Select a Client > Policy > Block List and the device is blocked from communicating. Just need the opposite of this so that all devices are blocked by default and have to be Allowed.1
Master Member
Zyxel Employee
Freshman Member
Categories
- All Categories
- 199 Beta Program
- 1.8K Nebula
- 94 Nebula Ideas
- 63 Nebula Status and Incidents
- 4.7K Security
- 236 Security Ideas
- 1.1K Switch
- 52 Switch Ideas
- 919 WirelessLAN
- 28 WLAN Ideas
- 5.4K Consumer Product
- 173 Service & License
- 296 News and Release
- 65 Security Advisories
- 14 Education Center
- 1K FAQ
- 454 Nebula FAQ
- 258 Security FAQ
- 100 Switch FAQ
- 115 WirelessLAN FAQ
- 22 Consumer Product FAQ
- 70 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 69 About Community
- 52 Security Highlight
