mac-filtering on switch

FrankIversen Posts: 92  Ally Member
edited April 2021 in Nebula

Hi.

Where do we set the mac-filtering on the switch port to only allow one particular mac-address to be connected to the switch?

All Replies

  • Zyxel_Jason
    Zyxel_Jason Posts: 394  Master Member

    Hi @FrankIversen ,

    We are still evaluating the MAC-filtering feature on Nebula Switch.

    I will move this post to the idea section.

    Thanks.

    Jason
  • FrankIversen
    FrankIversen Posts: 92  Ally Member

    Does an NSG-50 firewall support this?

    We need to be able to secure on MAC addresses at same end-station where there are no people located on a daily basis.

  • Zyxel_Chris
    Zyxel_Chris Posts: 653  Zyxel Employee

    Hi @FrankIversen ,

    The NSG series does not support MAC address filtering; it's usually not implemented on a layer 3 device but on layer 2, so we will evaluate it on the switch.


    /Chris
  • FrankIversen
    FrankIversen Posts: 92  Ally Member

    Agh.. so we cannot use Nebula equipment at a remote location where we want this security, I guess..

  • RUnglaube
    RUnglaube Posts: 135  Ally Member
    +1 for Mac filtering and port security on Nebula switches.

    I had a similar situation some time ago... In the end, what I did was set up a virtual machine with Windows Server, set up a RADIUS server and use the RADIUS policy on switch ports to allow MAC authentication on those ports. Hopefully it is also useful for you!
    "You will never walk along"
  • Waishon
    Waishon Posts: 4
    edited December 2019
    +1 for this feature. (P.S. It seems, for example, that Unifi switches don't have this option either; this would be another reason to change our whole infrastructure to Zyxel :P).

    I also tried to use RADIUS authentication for MAC-based authentication. This seems to work; however, the NPS/Freeradius server doesn't get the right NPS-Identifier. I would expect the NPS Identifier to be the name of the policy I set up in the Nebula Cloud (in my case "Auth50" and "Auth100"); however, the NPS Identifier is GS1920, which isn't helpful at all if you want to distinguish between different ports.

    For example I only want group "One" to be able to authenticate with port 1 and group "Two" with port 2. Currently I cannot distinguish in the Freeradius server if the user with the mac address is connected to port 1 or 2. I think this is a design flaw. In standalone mode you had the "Name prefix" option which adds a prefix to the username (mac), but this also doesn't seem to be possible with Nebula cloud.

    The information is pretty useless, the server doesn't know from which of the 10 GS1920 the request was sent. I think the policy name as "NAS Identifier" would be the best option.

  • Zyxel_Albert
    Zyxel_Albert Posts: 36  Zyxel Employee

    Hi @Waishon,

    Thanks for your advisement, we will look into your case. Our original design is for the users who have one RADIUS server in the environment to make it simple.

    Will let you know if we have any update on this feature.

    Thanks, and your feedback means a lot to us.

  • Infotecnika
    Infotecnika Posts: 18  Freshman Member
    Hi, I'm looking for this feature too. We have a hospitality customer and want to MAC filter to IPTV only per port.
  • Alfonso
    Alfonso Posts: 257  Master Member
    +1 for Mac filtering and port security on Nebula switches.
  • Hi, also interested in this feature. Is Zyxel making any progress with it?

    It's almost there.  I can go to Switch > Clients > Select a Client > Policy > Block List and the device is blocked from communicating.  Just need the opposite of this so that all devices are blocked by default and have to be Allowed.