MAC filtering with whitelist

Hello,
I have enabled MAC filtering, but I want the DHCP to distribute an IP only if the MAC is in the whitelist. How do I do that?

Thanks.

Comments

  •

    How to add MAC addrs to the allowed MAC addrs list?

    If so, see this. If not, please explain more about what you want to do.

    Restrict Network Traffic by MAC Address
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/restrict_by_mac_c.html

  •
    james.carson Moderator, WatchGuard Representative

    Hi @tonydj

    If you've enabled a whitelist, the firewall will only talk to devices on that whitelist. That includes DHCP.

    I would suggest avoiding a MAC whitelist unless you have a very specific reason to use it. It's very time-consuming to maintain administratively, offers no encryption (anyone can still see the traffic flowing over a wire), and MAC addresses are easily spoof-able. MAC filtering will only stop the most casual of connections, and will cost a lot of time to maintain.

    -James Carson
    WatchGuard Customer Support

  •

    Hello,
    Thanks for your response.
    I already used the article "Restrict Network Traffic by MAC Address". The filtering is OK, but my boss wants the client not to obtain an IP address. That is not the case: the client obtains an IP address. I don't know if it's possible.

  •

    As James Carson stated - MAC addresses are easily spoof-able.
    So even if you can "block" a specific MAC address, that may not prevent the device from connecting to your network and getting an IP address.

    Instead of using a whitelist, you can set up a DHCP reservation for the MAC addr of a device which you do not want to have Internet access, and then add a TCP-UDP packet filter From: the DHCP reservation IP addr To: Any-external, and set that policy to Denied. Move this policy to the top of your policy list.
