Limit MAC Addresses

sirhc
Employee
Posts: 7416
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1608 times
Been thanked: 1325 times

Re: Limit MAC Addresses

Mon Dec 07, 2015 1:48 pm

Well the short answer is I "think" MAC filtering is possible. I can put it on the list of features to be evaluated to be implemented.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

MonkeyDan
Member
 
Posts: 4
Joined: Thu Sep 03, 2015 12:34 pm
Location: San Francisco, CA
Has thanked: 2 times
Been thanked: 0 time

Re: Limit MAC Addresses

Mon Dec 07, 2015 3:42 pm

NAT is OK (and encouraged) by us. We just don't want customers hooking up switches or access points and leeching public IPs from our DHCP pools.

sirhc
Employee

Re: Limit MAC Addresses

Mon Dec 07, 2015 4:12 pm

MonkeyDan wrote: NAT is OK (and encouraged) by us. We just don't want customers hooking up switches or access points and leeching public IPs from our DHCP pools.

Personally I NEVER give customers Layer 2 access to my net, as I have had customers do BAD things with crappy routers like SonicWalls.

This is why, if you are a residential or small commercial customer, your CPE is in Router NAT mode and we lock you out of it and block you with access lists from even trying to log in to it from inside.

If you are a commercial customer and you are allowed to have your own router, your CPE radio is in ROUTER MODE, no NAT, and then we create a static route to your radio from the tower. This means you do not have LAYER 2 access to my tower, just your radio, and regular airMAX radios can handle almost 100 Mbps of routing as it is a MIPS 24K 400 MHz CPU. Even if doing Router NAT mode, the radio can handle over 70 Mbps of NAT routing, which is more than most customers get anyway.

If you were a commercial customer in a local POP and I am handing you off a port in the switch, I would VLAN that port to a virtual sub-interface on the router and assign the appropriate sub-net; that way you do not have LAYER 2 to my network.

I have found that allowing customers LAYER 2 access to our network only increases the chances they will do something stupid and pull down an AP or switch and affect other customers.

mhoppes
Associate
Posts: 664
Joined: Thu Apr 10, 2014 9:14 pm
Location: Pennsylvania
Has thanked: 10 times
Been thanked: 125 times

Re: Limit MAC Addresses

Mon Dec 07, 2015 4:42 pm

Agreed. But look at that customer you gave Layer2 access to the switch that then VLANs to the router. That's where I'm talking about wanting to use MAC limitations.

sirhc
Employee

Re: Limit MAC Addresses

Mon Dec 07, 2015 5:06 pm

mhoppes wrote: Agreed. But look at that customer you gave Layer2 access to the switch that then VLANs to the router. That's where I'm talking about wanting to use MAC limitations.

I understand your request and I have put it on the list. However, the switch can handle thousands of MACs without issue, so if you see hundreds or thousands of MACs on their interface you yell at them, but their service works and you work with no harm. However, if we limit it to 1 MAC, weird things will happen, as the switch will constantly drop or expire the previous MAC when a new MAC issues a broadcast, so the switch drops the 1st and starts talking to the second and so on, which would mean their service acts weird. Now, a MAC access list will limit a specified MAC and ignore all other broadcasts.

MAC access lists or static ARPs are supported by the switch core, so we can easily add this feature; it just comes down to prioritizing resources to put it in the UI/CLI and testing it.
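
The difference described in the post above between a 1-MAC limit and a MAC access list, as an added Python sketch that is not from the thread or the switch firmware. It assumes the limit evicts the oldest learned entry when a new source MAC appears, as the post describes; the MAC addresses and the frame sequence are constructed.

```python
# Added illustration (not the switch firmware): two per-port MAC policies
# applied to the same constructed sequence of frame source addresses.
from collections import OrderedDict

# Constructed, locally administered MACs: the customer's router plus two
# extra devices plugged in behind an unmanaged switch.
ROUTER = "02:00:00:00:00:01"
EXTRA_A = "02:00:00:00:00:0a"
EXTRA_B = "02:00:00:00:00:0b"
FRAMES = [ROUTER, EXTRA_A, ROUTER, EXTRA_B, ROUTER, EXTRA_A, ROUTER, ROUTER]


def normalize(mac):
    """Lower-case and use ':' separators so comparisons are consistent."""
    return mac.strip().lower().replace("-", ":")


def limit_with_eviction(frames, limit=1):
    """Assumed behaviour from the post: at the limit, a new source MAC
    pushes out the oldest learned entry and is then served itself."""
    table = OrderedDict()          # learned MACs, oldest first
    evictions = 0
    served = set()                 # every source that got service at some point
    for src in map(normalize, frames):
        if src not in table:
            if len(table) >= limit:
                table.popitem(last=False)   # drop the oldest entry
                evictions += 1
            table[src] = True
        served.add(src)
    return {"evictions": evictions, "served": served}


def mac_access_list(frames, allowed):
    """Static allowlist: frames from any other source are ignored."""
    allowed = {normalize(m) for m in allowed}
    forwarded = [f for f in map(normalize, frames) if f in allowed]
    return {"forwarded": len(forwarded),
            "dropped": len(frames) - len(forwarded),
            "served": set(forwarded)}


if __name__ == "__main__":
    print("limit=1:", limit_with_eviction(FRAMES))
    print("access list:", mac_access_list(FRAMES, [ROUTER]))
```

With the limit, the table churns on almost every frame and all three devices still get intermittent service; with the access list, only the router's frames pass and the table never changes.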
