Limit MAC Addresses

DOWNLOAD THE LATEST FIRMWARE HERE
User avatar
wayneorack
Experienced Member
 
Posts: 129
Joined: Thu Sep 04, 2014 12:16 pm
Location: San Angelo, TX
Has thanked: 188 times
Been thanked: 64 times

Re: Limit MAC Addresses

Tue Apr 21, 2015 4:10 pm

So much for BYOD!

User avatar
mhoppes
Associate
Associate
 
Posts: 664
Joined: Thu Apr 10, 2014 9:14 pm
Location: Pennsylvania
Has thanked: 10 times
Been thanked: 125 times

Re: Limit MAC Addresses

Wed May 06, 2015 11:57 am

So we never heard from the switch guys... is this possible?

User avatar
MonkeyDan
Member
 
Posts: 4
Joined: Thu Sep 03, 2015 12:34 pm
Location: San Francisco, CA
Has thanked: 2 times
Been thanked: 0 time

Re: Limit MAC Addresses

Fri Dec 04, 2015 4:36 pm

We'd be interested in this feature too, if possible.

User avatar
sirhc
Employee
Employee
 
Posts: 7416
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1608 times
Been thanked: 1325 times

Re: Limit MAC Addresses

Fri Dec 04, 2015 5:06 pm

If we put this feature in (if it can be done) what prevents the customer from using a NAT Router and by-passing this?
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

User avatar
lligetfa
Associate
Associate
 
Posts: 1191
Joined: Sun Aug 03, 2014 12:12 pm
Location: Fort Frances Ont. Canada
Has thanked: 307 times
Been thanked: 381 times

Re: Limit MAC Addresses

Fri Dec 04, 2015 5:40 pm

NAT would keep the MAC table size down unless the sub gets jiggy with proxy ARP.
mhoppes wrote:@wayneorack - Yes, that's fine. What this is designed to combat is someone connecting many devices to a switch port and overloading the MAC table in the switch/causing other issues on an EVC type of setup...

User avatar
mhoppes
Associate
Associate
 
Posts: 664
Joined: Thu Apr 10, 2014 9:14 pm
Location: Pennsylvania
Has thanked: 10 times
Been thanked: 125 times

Re: Limit MAC Addresses

Mon Dec 07, 2015 12:03 pm

Exactly - a NAT router is fine, that solves the issue being taken care of here.

If I hand off a port to a customer and limit it to one MAC address, I don' t care if they connect a single computer, router, or a NAT firewall with 50 devices behind it. What I want to stop is the customer connecting 50 devices to the switched transport network.

User avatar
sirhc
Employee
Employee
 
Posts: 7416
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1608 times
Been thanked: 1325 times

Re: Limit MAC Addresses

Mon Dec 07, 2015 12:20 pm

mhoppes wrote:Exactly - a NAT router is fine, that solves the issue being taken care of here.

If I hand off a port to a customer and limit it to one MAC address, I don' t care if they connect a single computer, router, or a NAT firewall with 50 devices behind it. What I want to stop is the customer connecting 50 devices to the switched transport network.


Can't you limit this at the router level?

We VLAN each switch port to a virtual sub interface on the router so when you do this and if you only assign a /30 sub-net to that interface they can only have a single device connected as they can not get anywhere without a valid IP?

I try VERY HARD to limit Layer 2 Access to my network and when they do get layer 2 access they are on a virtual interface with only them and their sub-net.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

User avatar
mhoppes
Associate
Associate
 
Posts: 664
Joined: Thu Apr 10, 2014 9:14 pm
Location: Pennsylvania
Has thanked: 10 times
Been thanked: 125 times

Re: Limit MAC Addresses

Mon Dec 07, 2015 12:23 pm

Yes, the customer is VLANed, but that doesn't stop them from being able to connect many multiple devices.

User avatar
sirhc
Employee
Employee
 
Posts: 7416
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1608 times
Been thanked: 1325 times

Re: Limit MAC Addresses

Mon Dec 07, 2015 1:40 pm

mhoppes wrote:Yes, the customer is VLANed, but that doesn't stop them from being able to connect many multiple devices.


Matt, if the Customer is VLAN'ed all the way back to the router he dumps out onto as virtual interface that he shares with no other user.

If you only assign a single subnet to that "virtual" interface in the router then he can only connect a single unit.

For instance if you assign a subnet of: 200.200.200.0/30 to that virtual interface he can only connect a single device if wants to actually do anything which would be IP address 200.200.200.200.2 with a gateway of 200.200.200.1 with a subnet of 255.255.255.252
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

User avatar
mhoppes
Associate
Associate
 
Posts: 664
Joined: Thu Apr 10, 2014 9:14 pm
Location: Pennsylvania
Has thanked: 10 times
Been thanked: 125 times

Re: Limit MAC Addresses

Mon Dec 07, 2015 1:42 pm

That doesn't stop him from connecting other devices and polluting the MAC table though, or in the case of an EVC connecting two locations, the customer may try to push their entire network down the pipe converging 500 or more MAC addresses on the interface.

Plus, let's say I want to do access control. I may want to limit access on a switch port to only a single MAC address that I lock down so someone can't plug another device in.

PreviousNext
Return to Hardware and software issues

Who is online

Users browsing this forum: Google [Bot] and 58 guests