D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: pmburch on April 07, 2011, 01:07:22 PM

Title: DFL-260 Access to LAN by MAC Only
Post by: pmburch on April 07, 2011, 01:07:22 PM

I have a DFL-260 and would like to allow only computers, both wired and wireless, with specific ether addresses (MAC's) access to the LAN. So that just anyone with a computer and a patch cable or wireless adapter cannot connect to the LAN.

Our network is comprised of a DFL-260 firewall, DWS-4026 switch with 12 ports setup for wired access (12 client computers), and 12 ports connected to 12 DWL8600AP access points (46 client devices).  Our network has two internet connections, WAN1, WAN2(DMZ) and only one LAN (192.168.1.0/24).

  Just a thought, create a Ether Address Folder Object, then within that folder create an ether address object for every device on the network....

Title: Re: DFL-260 Access to LAN by MAC Only
Post by: chechito on April 12, 2011, 10:52:34 AM

security at the 2 layer level (mac addresses) generally its implemented in the switch to restrict the access from the port itself providing better security avoiding not only navigation to unauthorized  mac addresses , avoindig it from entering the lan.

Using arp static entries you can avoid rogue clients trying to use ip addresses with access to internet allowed