DevJur
Apr 07, 2024 - Aspirant
GS110TPV3 Device security on port level?
Hello everyone,
I have recently installed PoE IP cameras outside of my home.
Leaving me with accessible network cables outside my primary hackers defense.
“The door” 😉
Now I am a little overwhelmed with all the terminology that I find in the manual for my GS110TPV3.
What could I use to make sure that only the camera is able to connect to the port it is on?
And prevent any unwanted network devices from getting on my network.
I can imagine there is more than one answer to this one. So do not spare me. I’ll read up on the solutions.
With kind regards,
Jurjen
Setup:
OPNSense router -> GS110TPV3 -> Camera
VLANs can be used to come to a solution, although I have none at the moment.
4 Replies
- schumaku (Guru - Experienced User)
8-Port Gigabit (PoE+) Ethernet Smart Managed Pro Switch with (2 SFP Ports and) Cloud Management Models GS108Tv3, GS110TPv3, and GS110TPP User Manual p.384, Manage Port Security
Welcome to the Netgear Community!
- schumaku (Guru - Experienced User)
schumaku wrote:
8-Port Gigabit (PoE+) Ethernet Smart Managed Pro Switch with (2 SFP Ports and) Cloud Management Models GS108Tv3, GS110TPv3, and GS110TPP User Manual p.384, Manage Port Security
p.348 I had in mind ... not an ACL config.
- DevJur (Aspirant)
schumaku Thanks for the link to the manual.
It does go into a little more depth on the ACL principles, although not a lot.
Eventually I came up with this one:
Go to Security -> ACL -> Basic and MAC ACL:
Create a placeholder name here. "AllowCameras"
Then go to MAC Rules... (The hard part)
Enter your device MAC addresses one at a time. But take note of the MAC Mask (I was not aware this existed).
First I followed the manual, and used 00:00:00:FF:FF:FF, which splits up the MAC in the middle:
EC:71:DB | 6C:85:C0
00:00:00 | FF:FF:FF
And it is just using the first 3 positions to allow on the ports. So 1 entry will work here for me.
But I changed it to 00:00:00:00:00:00 to make a unique set of 1 MAC address.
After that you bind the rules to the ports you need them on, in MAC Binding Configuration.
I do not have a clue what the difference between Unit1 Ports and LAG is.
But I’ll look at that tomorrow 😉
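Added example, not part of the original thread and not NETGEAR code: a small model of the two MAC masks compared in the post above, showing which source addresses each rule would admit on a bound port. It assumes the mask is a wildcard mask (0 bits must match, 1 bits are ignored), as the post describes, and that traffic matching no permit rule is denied; the two non-camera addresses are constructed.

```python
# Added example: models the MAC ACL mask behaviour described in the post.
# Assumptions: mask bit 0 = "must match", mask bit 1 = "ignore";
# a frame that matches no permit rule is dropped (deny at the end of the ACL).

def mac_to_int(mac: str) -> int:
    """Parse 'EC:71:DB:6C:85:C0' (':' or '-' separated) into a 48-bit integer."""
    octets = mac.replace("-", ":").split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int("".join(octets), 16)


def rule_matches(rule_mac: str, rule_mask: str, source_mac: str) -> bool:
    """True if source_mac equals rule_mac on every bit the mask does not wildcard."""
    care_bits = ~mac_to_int(rule_mask) & 0xFFFFFFFFFFFF
    return (mac_to_int(source_mac) & care_bits) == (mac_to_int(rule_mac) & care_bits)


def admitted(rules, source_mac: str) -> bool:
    """Evaluate the permit rules in order; no match means the frame is denied."""
    return any(rule_matches(mac, mask, source_mac) for mac, mask in rules)


CAMERA = "EC:71:DB:6C:85:C0"        # address quoted in the post
SAME_PREFIX = "EC:71:DB:00:00:01"   # constructed: same first three octets
OTHER = "02:00:00:AA:BB:CC"         # constructed: unrelated device

PREFIX_RULE = [(CAMERA, "00:00:00:FF:FF:FF")]  # mask taken from the manual
EXACT_RULE = [(CAMERA, "00:00:00:00:00:00")]   # mask the poster settled on


def compare():
    """Return {mac: (admitted by prefix rule, admitted by exact rule)}."""
    return {
        mac: (admitted(PREFIX_RULE, mac), admitted(EXACT_RULE, mac))
        for mac in (CAMERA, SAME_PREFIX, OTHER)
    }


if __name__ == "__main__":
    print(f"{'source MAC':<20}{'prefix mask':<14}{'exact mask'}")
    for mac, (prefix_ok, exact_ok) in compare().items():
        print(f"{mac:<20}{str(prefix_ok):<14}{exact_ok}")
```

With the 00:00:00:FF:FF:FF mask, any device sharing the camera's first three octets is admitted; with 00:00:00:00:00:00, only the camera's own address is.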
- schumaku (Guru - Experienced User)
LAGs are link aggregation groups, combining two or more physical ports into a group. Without LAGs configured (no need to where no LAGs are in use to provide more bandwidth than what a single physical Ethernet link can provide), there is no need to mark random LAGs ... especially if these are neither configured nor required.