Jason
See how you've made an impact in Zyxel Community this
year!
https://bit.ly/Your2024Moments_Community
Create a MAC Filtering in speciefied port
Infotecnika
Posts: 18 Freshman Member
Hi! We want to create a MAC Filtering rule for specied fort of a switch (GS1920-24P). The target is to permit only one MAC address to be connected en each port.
P1 -> Allow only MAC AXXXXXX
P2 -> Allow only MAC BBXXXXX
P3 -> Allow only MAC CCXXXXX
......
Well, y tried with ACL-> "Customization Rules" , but not sure how to create the rule as we can,t select the affected port (it,s greyed).
What are we doing wrong?
Thank you!
0
Accepted Solution
-
Hi @Infotecnika,
As you known that we already have MAC filtering feature in our idea section.
Here are the steps to configure Radius policy and apply the policy to needed port.
Steps:
(1) Go to Switch > Configure > RADIUS policies
(2) Add your radius server information(Host, Port and Secret)
(3) Add a Radius policy, fill out the required column, choose Radius policy type as MAC-base and configure password for MAC-Base
(4) Go to Switch > Configure > Switch ports, configure Type as Access, select the Radius policy profile and click "Update" to apply
Then Switch will do MAC-auth on configured port by sending authentication request to your radius server.(You will need to configure those allowed MAC addresses on your radius server.)
If you don't have radius server, there is an another workaround:
Configure Vendor ID based VLAN and Management VLAN control.
Target:
Move IPTVs with same vendor to another VLAN and remove those ports from management VLAN(Default VLAN1)
Steps:
(1) Go to Switch > Configure > Switch settings
(2) Enable and configure Vendor OUI, VLAN, Priority and Description
(3) Configure Management VLAN control by removing those needed ports from management VLAN1
=>EX: There are 28 ports, port 1-3 are IPTVs, then you need to configure 4-28 for management VLAN control
(4) Go to Switch > Configure > Switch ports, configure Type as Access, select VLAN type as Vendor ID based VLAN and click "Update" to apply
Hope it helps.5
All Replies
-
Hi @Infotecnika,
As you known that we already have MAC filtering feature in our idea section.
Here are the steps to configure Radius policy and apply the policy to needed port.
Steps:
(1) Go to Switch > Configure > RADIUS policies
(2) Add your radius server information(Host, Port and Secret)
(3) Add a Radius policy, fill out the required column, choose Radius policy type as MAC-base and configure password for MAC-Base
(4) Go to Switch > Configure > Switch ports, configure Type as Access, select the Radius policy profile and click "Update" to apply
Then Switch will do MAC-auth on configured port by sending authentication request to your radius server.(You will need to configure those allowed MAC addresses on your radius server.)
If you don't have radius server, there is an another workaround:
Configure Vendor ID based VLAN and Management VLAN control.
Target:
Move IPTVs with same vendor to another VLAN and remove those ports from management VLAN(Default VLAN1)
Steps:
(1) Go to Switch > Configure > Switch settings
(2) Enable and configure Vendor OUI, VLAN, Priority and Description
(3) Configure Management VLAN control by removing those needed ports from management VLAN1
=>EX: There are 28 ports, port 1-3 are IPTVs, then you need to configure 4-28 for management VLAN control
(4) Go to Switch > Configure > Switch ports, configure Type as Access, select VLAN type as Vendor ID based VLAN and click "Update" to apply
Hope it helps.Jason
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community5 -
Hi!Much thanks for yor explanation. I,ll see the option to install radius server or your workaround proposal.Regards.0
-
Hi @Infotecnika
Keep in mind that MAC Address can be easily spoofed.
Several ports could need to use the same MAC Address (for example multicast, VRRP, ...)
I suggest that your security is not based solely in the MAC Address filters.
Enjoy0 -
Much thanks for your infor Alfonso, but we,re making it for IP TVs and does not have any additional authetication protocols (...just macaddress or vendor_id etc)Best regards.0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight