0
Votes

MAC filter only specify range (not complete MAC address)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
 
0
Votes

MAC filter only specify range (not complete MAC address)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
MAC filter only specify range (not complete MAC address)
MAC filter only specify range (not complete MAC address)
2024-03-12 09:14:09 - last edited 2024-03-15 02:34:42
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: V2.2.4
Hello TP Link,

I would really like it if you could only specify ranges for the MAC filter in the routers. 

At the moment you have to whitelist the entire MAC address. 

It would simplify one area to such an extent that devices from one manufacturer could be completely released without knowing every single MAC address.

 

BR Tim

#1
Options
4 Reply
Re: MAC filter only specify range (not complete MAC address)
2024-03-13 01:50:29

Hi @TW_EPC 

Thanks for posting in our business forum.

But, do you happen to know if there is any vendor doing so?

 

Here's my concern, the MAC address table or filter would be the table you refer to when stopping unwanted devices, if we help you whitelist the whole MAC address range from one manufacturer, will that be a problem if someone fakes the MAC address into that range?

 

In a business network, you would like to make sure every MAC address can be traced to the person.

By doing what you asked, that would save time in configuration but is this safe to do? At least, does not make sense to me. I can understand your point about the time-saving aspect. But, not for the purpose of MAC address security.

 

I am really interested in if there is a vendor doing so. That would be a point I write in the feedback. Hope to see your comments and thoughts.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
#2
Options
Re: MAC filter only specify range (not complete MAC address)
2024-03-14 10:18:30

  @Clive_A 

 

Hello Clive,

 

We currently use a Linux DHCP that can do this.

 

The background to the story is that we route routers to our ACS using option 43. These are temporarily given an IP address, are directed to the ACS via Option43 and then receive a (new) PPPoE configuration.

 

This means that the DHCP server, which in our case should be the ER605, only assigns addresses temporarily. However, the DHCP has Internet access to websites via whitelist. We will distribute the DHCP untagged in the VLAN throughout the entire network.

 

So that not everyone can connect their laptop or something like that, we only want to allow certain manufacturers. Usually manufacturers of routers (TP-Link, ASUS, AVM etc.) .

 

And since we don't know every single MAC address of the device from our customers, an area (like the one we use on Linux) would be much more interesting for us.

 

BR Tim

#3
Options
Re: MAC filter only specify range (not complete MAC address)
2024-03-15 01:06:34

Hi @TW_EPC 

Thanks for posting in our business forum.

TW_EPC wrote

  @Clive_A 

 

Hello Clive,

 

We currently use a Linux DHCP that can do this.

 

The background to the story is that we route routers to our ACS using option 43. These are temporarily given an IP address, are directed to the ACS via Option43 and then receive a (new) PPPoE configuration.

 

This means that the DHCP server, which in our case should be the ER605, only assigns addresses temporarily. However, the DHCP has Internet access to websites via whitelist. We will distribute the DHCP untagged in the VLAN throughout the entire network.

 

So that not everyone can connect their laptop or something like that, we only want to allow certain manufacturers. Usually manufacturers of routers (TP-Link, ASUS, AVM etc.) .

 

And since we don't know every single MAC address of the device from our customers, an area (like the one we use on Linux) would be much more interesting for us.

 

BR Tim

Specific name of that feature, can you give me a screenshot or name?

Or it is a tool installed on your Linux?

 

If you need DHCP option 43, you have an option to customize your DHCP option.

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
#4
Options
Re: MAC filter only specify range (not complete MAC address)
2024-03-15 08:27:09

  @Clive_A 

 

Hey,

 

Option 43 works fine. That's not the point. This is a very simple DHCP on Linux with a corresponding whitelist as a group.

 

And this whitelist only required ranges and not complete MACs.

 

BR Tim

#5
Options