mac-filtering on switch

FrankIversen
FrankIversen Posts: 92  Ally Member
Ideas master First Comment Friend Collector Third Anniversary
edited April 2021 in Nebula

Hi.

Where do we set the mac-filtering on the switch port to only allow one particular mac-address to be connected to the switch?

«1

All Replies

  • Zyxel_Jason
    Zyxel_Jason Posts: 411  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Nebula Zyxel Certified Sales Associate

    Hi @FrankIversen ,

    We are still evaluating the MAC-filtering feature on Nebula Switch.

    I will move this post to idea section.

    Thanks.

    Jason

    See how you've made an impact in Zyxel Community this year!
    https://bit.ly/Your2024Moments_Community
  • FrankIversen
    FrankIversen Posts: 92  Ally Member
    Ideas master First Comment Friend Collector Third Anniversary

    does a nsg-50 firewall support this?

    we need to be able to secure on mac-addresses at same end-station where there is no people located on daily basis.

  • Zyxel_Chris
    Zyxel_Chris Posts: 727  Zyxel Employee
    Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 50 Answers

    Hi @FrankIversen ,

    NSG series do not support MAC address filtering, it's usually not implement on the layer 3 device, but in layer 2, so will evaluate it on switch.?


    /Chris

  • FrankIversen
    FrankIversen Posts: 92  Ally Member
    Ideas master First Comment Friend Collector Third Anniversary

    agh.. so we can not use nebula equipment at remote location where we want this security i guess..

  • RUnglaube
    RUnglaube Posts: 135  Ally Member
    5 Answers First Comment Friend Collector Third Anniversary
    +1 for Mac filtering and port security on Nebula switches.

    I had a similar situation some time ago...At the end what I did was to setup a virtual machine with window server, setup a Radius server and use the Radius policy on switch ports to allow mac authentication on those ports. Hopefully it is also useful for you!
    "You will never walk along"
  • Waishon
    Waishon Posts: 4  Freshman Member
    First Comment
    edited December 2019
    +1 for this feature. (P.S. It seems for example Unifi Switches doesn't have this option as well, this would be another reason to change our whole infrastructure to Zyxel :P). 

    I also tried to use radius authentication for mac based authentication. This seems to work however the NPS/Freeradius server doesn't get the right NPS-Identifier. I would expect the NPS Identifier to be the name of the policy I setup in the Nebula Cloud (in my case "Auth50" and "Auth100") however the NPS Identifier is GS1920, which isn't helpful at all if you want to distinguish between differentports.

    For example I only want group "One" to be able to authenticate with port 1 and group "Two" with port 2. Currently I cannot distinguish in the Freeradius server if the user with the mac address is connected to port 1 or 2. I think this is a design flaw. In standalone mode you had the "Name prefix" option which adds a prefix to the username (mac), but this also doesn't seem to be possible with Nebula cloud.

    The information is pretty useless, the server doesn't know from which of the 10 GS1920 the request was sent. I think the policy name as "NAS Identifier" would be the best option.

  • Zyxel_Albert
    Zyxel_Albert Posts: 36  Zyxel Employee
    First Answer First Comment Friend Collector Third Anniversary

    Hi @Waishon,

    Thanks for your advisement, we will look into your case. Our original design is for the users who have one RADIUS server in the environment to make it simple.

    Will let you know if we have any update on this feature.

    Thanks and your feedback means lot to us

  • Infotecnika
    Infotecnika Posts: 18  Freshman Member
    First Comment Fourth Anniversary
    Hi ,im looking for this featue too.  We have an hospitality customer and want to mac filter to IPTV only per port.
  • Alfonso
    Alfonso Posts: 257  Master Member
    5 Answers First Comment Friend Collector Second Anniversary
    +1 for Mac filtering and port security on Nebula switches.
  • SkyGoat
    SkyGoat Posts: 16  Freshman Member
    First Comment Friend Collector Second Anniversary
    Hi, Also interested in this feature.  Are Zyxel making any progress with it?

    It's almost there.  I can go to Switch > Clients > Select a Client > Policy > Block List and the device is blocked from communicating.  Just need the opposite of this so that all devices are blocked by default and have to be Allowed.

Nebula Tips & Tricks