The best way of deploying a static group of MAC addresses on GS752TX that can access the network.
I would like to configure the group of ports on the S3300-52X switch so that only the devices within the indicated MAC address space can access the LAN and communicate with the other ports. However, devices with foreign MAC addresses must not have the ability to connect. I mainly want to eliminate the possibility of connecting to a LAN with a foreign device. I'm afraid that configuring the VLAN will not solve the problem, because we cannot guess which LAN wall socket the intruder will connect to. If he connects to a given VLAN, he will have access to other devices in this VLAN. I don't want this. Therefore, I think the best option will be to define port filtering on MAC addresses. Hence my question: what functionality of the S3300-52X switch is best to use to achieve the goal? MAC filter configuration, Port Security or ACL?
Best regards
Accepted Solutions
Hello
First of all, thank you very much for the hint which led me to resolve the case.
In order to block "unknown" MAC addresses on the switch and admit only defined addresses to the network on the GS752TX with the latest (at the moment) firmware 6.6.4.9 installed, you must do the following:
1. On the selected ports, in the selected VLANs (if any are set; by default VLAN1 is set on all ports, which is equivalent to having no VLANs set), define the MAC addresses of the network cards of the connected clients. (Note: More than one static MAC can be defined on one port.)
Main Menu -> Switching -> Address Table -> Advanced -> Static MAC Addresses
2. Next, in the menu Security -> Traffic Control -> Port Security -> Interface Configuration, select the port with the assigned MAC addresses and, importantly, set the "Max Learned MAC Address" to "0". If you do not set it, the port will continue to accept undefined MAC addresses. Defined MACs will only work on the port assigned to them. We did not want to accept any MAC addresses unknown to the switch. That is why setting the "Max Learned MAC Address" to "0" is so important.
I think that the matter can be treated as resolved.
Best regards
Witek
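The effect of the two steps above, as an added example that is not part of the original posts and is not NETGEAR firmware logic: a simplified Python model of the per-port admission decision. The port names, the sample MAC addresses and the treatment of an unset limit as "no limit" are assumptions made for illustration.

```python
from dataclasses import dataclass, field

def norm(mac):
    """Normalise aa-bb-.., aa:bb:.. or aabb.ccdd.eeff to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

@dataclass
class SwitchModel:
    static: dict = field(default_factory=dict)       # (vlan, mac) -> port (step 1)
    max_learned: dict = field(default_factory=dict)  # port -> limit (step 2)
    learned: dict = field(default_factory=dict)      # port -> {(vlan, mac)}

    def add_static(self, vlan, mac, port):
        self.static[(vlan, norm(mac))] = port

    def admit(self, port, vlan, src_mac):
        key = (vlan, norm(src_mac))
        if key in self.static:
            # Per the post: a defined MAC only works on its assigned port.
            return "forward" if self.static[key] == port else "drop"
        seen = self.learned.setdefault(port, set())
        limit = self.max_learned.get(port)   # None: no limit set (assumption)
        if key in seen or limit is None or len(seen) < limit:
            seen.add(key)                    # dynamically learned address
            return "forward"
        return "drop"                        # learning limit reached

def demo():
    """Constructed scenario: one allowed client on port g1, VLAN 1."""
    sw = SwitchModel()
    sw.add_static(1, "02-00-00-00-00-AA", "g1")
    out = {}
    # Step 1 alone: the unknown address is still learned and admitted.
    out["unknown_step1_only"] = sw.admit("g1", 1, "02:00:00:00:00:ff")
    # Step 2: clear learned entries and set the limit to 0 on g1.
    sw.learned.clear()
    sw.max_learned["g1"] = 0
    out["unknown_limit_0"] = sw.admit("g1", 1, "02:00:00:00:00:ff")
    out["known_on_g1"] = sw.admit("g1", 1, "0200.0000.00aa")
    out["known_on_g2"] = sw.admit("g2", 1, "02:00:00:00:00:aa")
    return out

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:20} {verdict}")
```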
All Replies
Re: The best way of deploying a static group of MAC addresses on GS752TX that can access the netw...
Hi @wtosta,
Welcome to the community! 🙂
Here is what I suggest: First, add the specific MAC addresses to the Address Table. To do this, log in to the web GUI of the S3300-52X switch, then go to Switching > Address Table > Advanced > Static MAC Address and specify the interface with which you want to associate the MAC addresses. For reference, read page 191 of the S330 Software Administration Manual here. Finally, configure Port Security.
Let me share the old forum thread below since your concern is similar to it:
If ever your concern has been addressed or resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!
Regards,
DaneA
NETGEAR Community Team
Re: The best way of deploying a static group of MAC addresses on GS752TX that can access the netw...
Just want to follow up on this. Let us know if you have further inquiries.
Otherwise, if ever your concern has been addressed or resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!
Regards,
DaneA
NETGEAR Community Team
Re: The best way of deploying a static group of MAC addresses on GS752TX that can access the netw...
Hi @wtosta,
Thank you for your feedback. I'm glad to know that this matter is now resolved. 🙂
Since your concern has been resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!
Cheers,
DaneA
NETGEAR Community Team