Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
MAC address Deny
« previous
next »
Print
Pages: [
1
]
Author
Topic: MAC address Deny (Read 5068 times)
Purple
Newbie
Posts: 1
Karma: 0
MAC address Deny
«
on:
July 19, 2017, 05:14:34 am »
Hi All,
Im new to OPNsense, just a brief intro we are a non-profit organization and a school.
I would like to seek help from you guys on how to really control the access of our network we have so many unwanted users on-board our network that needed to be block using MAC address, I made quite a lot of MAC address denied but yet they are still able to login to the network and to some MAC address it can not be block, the reason behind controlling the use of our network is that we have a very small bandwidth.
Is there a way we can deny access by using the MAC address or an alternative solution of blocking or denying unwanted users.
Thank you OPNsense for a great firewall system it help a lot to our operation.
Logged
bartjsmit
Hero Member
Posts: 2014
Karma: 194
Re: MAC address Deny
«
Reply #1 on:
July 19, 2017, 08:21:14 am »
I would use DHCP to assign reservations to a network range which represents sanctioned MAC addresses and then set traffic shaping to prioritise that block with everybody else going to a different range. Presumably your throughput is pretty poor already and throttling the unsanctioned devices may stop the more enterprising users from setting a static IP in the fast lane range, since they're getting at least some internet traffic.
Bart...
Logged
weust
Hero Member
Posts: 650
Karma: 57
Re: MAC address Deny
«
Reply #2 on:
July 19, 2017, 10:07:21 am »
MAC addresses can be spoofed/cloned, so even sanctioning won't help you security wise.
Using NPS with certificates rolled out to the devices you do allow would be the beter way, imo.
But, seeing you're a non-profit and school probably means your budget isn't very high.
I would physically seperate the LANs. To keep students away from your most important systems.
Logged
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
MAC address Deny