
Forum Discussion

Alain_Sanchez
Dec 15, 2023
Solved

GS724v4 switch MAC ACL NOT WORKING

I have a Netgear GS724Tv4 which I upgraded to the latest firmware available (6.3.1.47). I want to use MAC ACLs to restrict access to the network to some specific PCs. Went to ACL -> Basic and did the following:


1 - In the MAC ACL tab created a rule named: Allowed_MACs

2 - Added this rule to Allowed_MACs in the MAC Rules tab:

    ID   Action   Match Every   Source MAC          Source MAC Mask     VLAN
    1    Permit   False         74:D4:35:8E:66:F9   FF:FF:FF:FF:FF:FF   1


3 - In the MAC Binding Configuration tab, applied Allowed_MACs (Inbound) to port... say 15

4 - Binding Table tab shows the following, as I guess it should:

    Interface   Direction   ACL Type   ACL ID         Sequence Number
    g15         In Bound    MAC ACL    Allowed_MACs   1

Result:

No matter what I connect to port 15, traffic will be allowed when only PC with MAC 74:D4:35:8E:66:F9 should be allowed. 

Applied the same rule TO ALL PORTS except 24, where I have a linux terminal to test ping with, and... same result. I can connect any PC to any port (1-23) and the linux box on port 24 still responds to ping.


Note: Tried another switch (same model) with an older firmware version and the same happens.


Any idea?

Thnx!!


1 Reply

  • schumaku (Guru - Experienced User)

    Review the Source MAC, especially the meaning of the Source MAC Mask:


    Source MAC. Requires a packet’s source port MAC address to match the address listed here. Enter a MAC address in this field. The valid format is xx:xx:xx:xx:xx:xx.

    Source MAC Mask. If desired, enter the MAC mask for the source MAC address to match. Use Fs and 0s in the MAC mask, which is in a wildcard format. An F means that the bit is not checked, and a 0 in a bit position means that the data must equal the value given for that bit. The valid format is xx:xx:xx:xx:xx:xx. A MAC mask of 00:00:00:00:00:00 matches a single MAC address.
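To make the wildcard-mask semantics concrete, here is an added illustration (not from the original thread or from NETGEAR) that evaluates a source-MAC rule the way the documentation above describes it: mask bits of F are not checked, mask bits of 0 must match. It runs the rule exactly as posted (mask FF:FF:FF:FF:FF:FF) and the corrected rule (mask 00:00:00:00:00:00) against the poster's MAC and a constructed second MAC; the "first match wins, no match means deny" walk is an assumption about ACL evaluation, not something the thread states, and the OUI-prefix case in the comments goes beyond the thread.

```python
"""Evaluate a MAC ACL source-MAC rule under wildcard-mask semantics.

As documented on the page: an F (set) bit in the mask is NOT checked,
a 0 (clear) bit means the frame's bit must equal the rule's MAC bit.
"""

MAC_BITS = 0xFFFFFFFFFFFF  # 48-bit all-ones


def mac_to_int(mac: str) -> int:
    """Parse xx:xx:xx:xx:xx:xx (either case) into a 48-bit integer."""
    parts = mac.split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"bad MAC format: {mac!r}")
    return int("".join(parts), 16)


def source_mac_matches(rule_mac: str, rule_mask: str, frame_src: str) -> bool:
    """True if frame_src matches rule_mac under the wildcard mask."""
    # Bits that are checked are the ones that are 0 in the mask.
    care = ~mac_to_int(rule_mask) & MAC_BITS
    return (mac_to_int(rule_mac) & care) == (mac_to_int(frame_src) & care)


def acl_decision(rules, frame_src: str) -> str:
    """Walk rules in ID order; first match wins.

    Assumption (not stated on the page): a frame matching no rule is denied.
    rules: iterable of (id, action, source_mac, source_mac_mask).
    """
    for _rule_id, action, mac, mask in sorted(rules):
        if source_mac_matches(mac, mask, frame_src):
            return action
    return "Deny"


# Rule as configured in the question: mask FF:FF:FF:FF:FF:FF checks no bits,
# so every source MAC is permitted.
AS_POSTED = [(1, "Permit", "74:D4:35:8E:66:F9", "FF:FF:FF:FF:FF:FF")]
# Corrected rule: mask 00:00:00:00:00:00 checks every bit, i.e. one exact MAC.
CORRECTED = [(1, "Permit", "74:D4:35:8E:66:F9", "00:00:00:00:00:00")]
# A mask of 00:00:00:FF:FF:FF would check only the first three bytes (the OUI).

if __name__ == "__main__":
    for src in ("74:D4:35:8E:66:F9", "00:11:22:33:44:55"):  # second MAC is constructed
        print(src, "as posted:", acl_decision(AS_POSTED, src),
              "| corrected:", acl_decision(CORRECTED, src))
```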
