Re: Need to secure a GS110TP switch

ramram · ‎2017-02-08

Hi all

We just got a GS110TP managed switch. We need it to recognize only a set of network devices and drop the rest. Trying to set MAC filtering but for some reason its not working and all devices are working. To put you in the picture we connected 5 PCs to the switch on Ports 1-5....we just need PCs on port 1 and 2 to work....the PCs on port 3-5 should not be able to connect.

What might we be missing?

Thanks all

DaneA · ‎2017-02-26

@ramram,

I just want to follow-up on this. Were you able to access the article I've shared and used it as your reference guide? Also, were you able to try to configure Port Security on your GS110TP switch?

Regards,

DaneA

NETGEAR Community Team

View solution in original post

JohnRo · ‎2017-02-08

Hello ramram,

Welcome to the community!

The best way is configuring MACL ACL, see page 210 of the user manual. It will help you with using the ACL wizard and makes sure that the MAC rules are defined to your specifications. What firmware version are you using by the way?

Thanks,

ramram · ‎2017-02-08

It's 5.4.2.22

I still cant manage :((

JohnRo · ‎2017-02-09

Hi ramram,

You can contact out support team so they can walk you through with creating MAC ACL. They should be able to guide you through.

Thanks,

JohnRo · ‎2017-02-13

Hi ramram,

Were you able to talk to support regarding this one?

Thanks,

ramram · ‎2017-02-13

Yes still lost though...

What I need is this setup:

I WISH TO BE ABLE TO SET SWITCH TO 'RECOGNIZE' ONLY 2 COMPUTERS BY MAC. THESE 2 COMPUTERS SHOULD WORK ON ALL PORTS.
IF I CONNECT OTHER PCs THEY SHOUDNT WORK ON ALL PORTS.

Cant get it to work 😞

Carl_z · ‎2017-02-13

Hi ramram,

Welcome to the Community!

I think it it possible for you to achieve the goal by mac acl. Try with following steps

1. Go to "ACL>ACL Wizard", select "ACl Based on Source MAC"

2. Add rules

rule 1 Permit source mac **********/00:00:00:00:00:00 (input pc1's mac)

rule 2 Permit source mac **********/00:00:00:00:00:00 (input pc2's mac)

rule 3 Deny Match Every

3. On binging Configuration slect all ports.

You can also refer to the pic

Hope it helps

Carl

Netgear Employee

ramram · ‎2017-02-15

Hi...I followed your instructions to the letter however ALL ports became unreachable when I mark them. I had to reset the switch and retry...

When I tried it the 2nd time I left two ports unmarked and they kept working whilst the other six ports became unactive....

What am I missing here?

Carl_z · ‎2017-02-16

Hi ramram,

You are almost got success. We should change the " COS" ,and "EtherType key".

When you create Source MAC Address Rules Table, change "cos" and "EtherType Key" to blank by default they are 1 and ipv4. And config result is like this pic

Best Regards

Carl

Carl_z · ‎2017-02-16

Hi ramram,

Tips: It best for us to delete the previous created acls,and create again with above method.

Thanks

Carl

ramram · ‎2017-02-19

I give up

Did all you said to the letter, assigned all ports to the ACL, and the switch became unreachable!!

Isnt this supposed to be a bit easier?!

DaneA · ‎2017-02-20

@ramram,

Kindly access this article and use it as your reference guide in setting up MAC ACL.

Also, if you want to try to configure Port Security based on MAC Address, here are the steps:

1. On the web-GUI of the GS110TP switch, go to Switching > Address Table > Advanced > Static MAC Address.

2. Add a static MAC address entry.

a. Select the VLAN ID corresponding to the MAC address to add.

b. Specify the MAC address to add.

c. Specify the port associated with the MAC address.

d. Click Add.

Note: From steps 1-2, refer to pages 3-56 to 3-57 of the GS110TP user manual here.

3. On the web-GUI of the GS110TP switch, go to Security > Traffic Control, and then click the Port Security > Port Security Configuration.

4. Select Enable on Port Security Mode then click Apply.

5. On the web-GUI of the GS110TP switch, go to Security > Traffic Control, and then click the Port Security > Interface Configuration.

6. Specify the following settings:

a. Port Security. Enable or Disable the port security feature for the selected port. •

b. Max Allowed Dynamically Learned MAC. Sets the maximum number of dynamically learned MAC addresses on the selected interface. Valid range is 0–600.

c. Max Allowed Statically Locked MAC. Sets the maximum number of statically locked MAC addresses on the selected interface. Valid range is 0–20.

d. Enable Violation Traps. Enables or disables the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port.

7. Click Apply.

Note: From steps 3-7, refer to pages 5-37 to 5-40 of the GS110TP user manual here.

Let me share this forum link here since its similar to your goal.

Hope it helps.

Regards,

DaneA

NETGEAR Community Team

DaneA · ‎2017-02-26

@ramram,

I just want to follow-up on this. Were you able to access the article I've shared and used it as your reference guide? Also, were you able to try to configure Port Security on your GS110TP switch?

Regards,

DaneA

NETGEAR Community Team

ramram · ‎2017-02-26

yes i managed. the problem is that i was allocating all ports where in reality you should always like a vacant port for the uplink

thanks for your help

DaneA · ‎2017-02-26

@ramram,

Thanks for the update. I'm glad the problem is now resolved. 🙂

Since your concern has been resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!

Cheers,

DaneA

NETGEAR Community Team