DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Wired Access List
- leighwhitling
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 27
- Thank you received: 0
06 Oct 2020 17:24 #97365
by leighwhitling
Wired Access List was created by leighwhitling
Hi All
I know its possible to add a Wireless MAC Access list to a DrayTek Router but Is it possible to add a Wired MAC Access list to a DrayTek ?
Basically i want 2 devices plugged into the router which will be allowed to access the router / internet service but authorised because their MAC addresses are on the accept list...
The only way i can think of is to setup MAC to IP and then setup a Filter in the Firewall to accept outbound traffic on the required IPs...
Any advice would be appreciated.
I know its possible to add a Wireless MAC Access list to a DrayTek Router but Is it possible to add a Wired MAC Access list to a DrayTek ?
Basically i want 2 devices plugged into the router which will be allowed to access the router / internet service but authorised because their MAC addresses are on the accept list...
The only way i can think of is to setup MAC to IP and then setup a Filter in the Firewall to accept outbound traffic on the required IPs...
Any advice would be appreciated.
Please Log in or Create an account to join the conversation.
- hornbyp
- Offline
- Big Contributor
Less
More
- Posts: 1323
- Thank you received: 0
07 Oct 2020 00:58 #97370
by hornbyp
Replied by hornbyp on topic Re: Wired Access List
I typed this reply in about 5 times now, and the flamin' forum software keeps inviting me to login, every time I hit "Preview" and then loses all the text ... it's ended up rather terse
If you really want to authenticate the device 'on to the wire', then 802.1x is probably (part of) the answer:
https://www.draytek.co.uk/support/guides/kb-wired-8021x
But personally, I think a VLAN will suffice...
See:
https://www.draytek.co.uk/information/our-technology/vlans
If the 2 devices are currently plugged into a switch shared with other devices, you'll need to upgrade it to one that supports VLAN-tagging (unless they happen to have a network adapter that supports VLAN tags). But if they're already in their own ports on the Router, you should just be able to make it 'port-based'.
Just using 'Bind MAC to IP' won't really give you what you want: a) it could be circumvented by reconfiguring the device to have a static IP address and b) those devices would still have access to the LAN (that traffic staying in the 'switch' section ... and not travelling through the firewall)
If you really want to authenticate the device 'on to the wire', then 802.1x is probably (part of) the answer:
But personally, I think a VLAN will suffice...
See:
If the 2 devices are currently plugged into a switch shared with other devices, you'll need to upgrade it to one that supports VLAN-tagging (unless they happen to have a network adapter that supports VLAN tags). But if they're already in their own ports on the Router, you should just be able to make it 'port-based'.
Just using 'Bind MAC to IP' won't really give you what you want: a) it could be circumvented by reconfiguring the device to have a static IP address and b) those devices would still have access to the LAN (that traffic staying in the 'switch' section ... and not travelling through the firewall)
Please Log in or Create an account to join the conversation.
- admin3
- Offline
- Site Admin
Less
More
- Posts: 604
- Thank you received: 0
09 Oct 2020 15:16 #97392
by admin3
Forum Administrator
Replied by admin3 on topic Re: Wired Access List
Bind IP to MAC should work for this. IF the Strict Bind option is enabled, the router will only communicate with the MAC addresses in the Bind IP to MAC list, using the specified IP addresses.
802.1x on the LAN ports is another option but that's a bit more work to set up.
802.1x on the LAN ports is another option but that's a bit more work to set up.
Forum Administrator
Please Log in or Create an account to join the conversation.
- hornbyp
- Offline
- Big Contributor
Less
More
- Posts: 1323
- Thank you received: 0
09 Oct 2020 15:56 #97395
by hornbyp
Agreed that 'Strict Bind' is a useful part of the armoury, but if applied with no other changes, then every device on that LAN would have to appear in the 'Bind IP to MAC' list.
Replied by hornbyp on topic Re: Wired Access List
admin3 wrote:
Bind IP to MAC should work for this. IF the Strict Bind option is enabled, the router will only communicate with the MAC addresses in the Bind IP to MAC list, using the specified IP addresses.
Agreed that 'Strict Bind' is a useful part of the armoury, but if applied with no other changes, then every
Please Log in or Create an account to join the conversation.
- adrianh54
- Offline
- Member
Less
More
- Posts: 428
- Thank you received: 0
10 Oct 2020 11:51 #97404
by adrianh54
Ahh, it isn't only me then , maybe the server has cornavirus:evil: It is getting rather silly with being logged in but having to login again to read/reply/type. Also seen many replies simply vanish upon hitting the reply button. Time to use a decent software
phpPBB is appallingly bad.
Replied by adrianh54 on topic Re: Wired Access List
hornbyp wrote:
I typed this reply in about 5 times now, and the flamin' forum software keeps inviting me to login, every time I hit "Preview" and then loses all the text ... it's ended up rather terse
Ahh, it isn't only me then , maybe the server has cornavirus
phpPBB is appallingly bad.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek