Declined MAC filter only specify range (not complete MAC address)
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hello TP Link, I would really like it if you could only specify ranges for the MAC filter in the routers. At the moment you have to whitelist the entire MAC address. It would simplify one area to such an extent that devices from one manufacturer could be completely released without knowing every single MAC address.
BR Tim
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @TW_EPC
Thanks for posting in our business forum.
But, do you happen to know if there is any vendor doing so?
Here's my concern, the MAC address table or filter would be the table you refer to when stopping unwanted devices, if we help you whitelist the whole MAC address range from one manufacturer, will that be a problem if someone fakes the MAC address into that range?
In a business network, you would like to make sure every MAC address can be traced to the person.
By doing what you asked, that would save time in configuration but is this safe to do? At least, does not make sense to me. I can understand your point about the time-saving aspect. But, not for the purpose of MAC address security.
I am really interested in if there is a vendor doing so. That would be a point I write in the feedback. Hope to see your comments and thoughts.
- Copy Link
- Report Inappropriate Content
Hello Clive,
We currently use a Linux DHCP that can do this.
The background to the story is that we route routers to our ACS using option 43. These are temporarily given an IP address, are directed to the ACS via Option43 and then receive a (new) PPPoE configuration.
This means that the DHCP server, which in our case should be the ER605, only assigns addresses temporarily. However, the DHCP has Internet access to websites via whitelist. We will distribute the DHCP untagged in the VLAN throughout the entire network.
So that not everyone can connect their laptop or something like that, we only want to allow certain manufacturers. Usually manufacturers of routers (TP-Link, ASUS, AVM etc.) .
And since we don't know every single MAC address of the device from our customers, an area (like the one we use on Linux) would be much more interesting for us.
BR Tim
- Copy Link
- Report Inappropriate Content
Hi @TW_EPC
Thanks for posting in our business forum.
TW_EPC wrote
Hello Clive,
We currently use a Linux DHCP that can do this.
The background to the story is that we route routers to our ACS using option 43. These are temporarily given an IP address, are directed to the ACS via Option43 and then receive a (new) PPPoE configuration.
This means that the DHCP server, which in our case should be the ER605, only assigns addresses temporarily. However, the DHCP has Internet access to websites via whitelist. We will distribute the DHCP untagged in the VLAN throughout the entire network.
So that not everyone can connect their laptop or something like that, we only want to allow certain manufacturers. Usually manufacturers of routers (TP-Link, ASUS, AVM etc.) .
And since we don't know every single MAC address of the device from our customers, an area (like the one we use on Linux) would be much more interesting for us.
BR Tim
Specific name of that feature, can you give me a screenshot or name?
Or it is a tool installed on your Linux?
If you need DHCP option 43, you have an option to customize your DHCP option.
- Copy Link
- Report Inappropriate Content
Hey,
Option 43 works fine. That's not the point. This is a very simple DHCP on Linux with a corresponding whitelist as a group.
And this whitelist only required ranges and not complete MACs.
BR Tim
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 374
Replies: 4
Voters 0
No one has voted for it yet.