Applicable version – 9.6.0 build 16 onwards
MAC address filtering is more secure than IP address filtering, as a MAC address is rarely changed.
In a DHCP environment, IP addresses change dynamically, so the MAC address is a more reliable way to identify the source and destination of network traffic.
In a wireless environment, MAC address filtering is a common security measure to prevent unwanted network access. Here the router is configured to accept traffic from specific MAC addresses only, and whitelisted devices are assigned new IP addresses through DHCP. This way they retain their ability to communicate with the network. Any attempt to communicate by masquerading the IP address will be blocked, as the MAC address of the attacker’s computer will not match the MAC address of any whitelisted device.
This article provides the steps to block Internet access based on MAC address. The entire configuration is done through the Web Admin console of Cyberoam.
Step 1. Add Host
Go to Firewall → Host → Add and add a host with the following parameters:
MAC address – As per your requirement
Alternatively, the host can also be added while configuring the firewall rule.
Step 2. Create LAN to WAN zone firewall rule
Go to Firewall → Create Rule and create a firewall rule with the following parameters:
Source – LAN/mypc (host as created in step 1)
Destination – WAN/Any Host
Service/Service Group – All Services (Change if required)
Apply Schedule – As per your requirement
Action – Drop
In a similar manner, access can be blocked for multiple MAC addresses.
The above configuration blocks Internet access for any user whose request comes from the MAC address ‘00-1D-09-DF-84-54’.
Please note that the MAC address of the original requester is replaced with the MAC address of the firewall, router or layer 3 switch when the request is routed through one of them. So if the user is not directly connected to Cyberoam, Cyberoam will not receive the MAC address of the original requester. In such cases, use user-MAC binding to block Internet access, as specified in the article “How do I enable User/MAC binding?”.
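The note above decides which of the two methods applies to a given machine. As an added example (not part of the original Cyberoam article), the Python script below sorts a device inventory into machines that can be blocked with the MAC-based host rule from Steps 1 and 2 and machines behind a router that need user-MAC binding. The subnet, the inventory entries and all function names are constructed for the illustration, and a device is assumed to be directly connected when its IP address lies in a subnet attached to Cyberoam's LAN interface.

```python
import ipaddress
import re

# Assumption: subnets directly attached to the firewall's LAN interface (constructed value).
DIRECT_LAN_SUBNETS = ["192.168.1.0/24"]

# Constructed inventory: (label, IP address, MAC address as recorded by the admin).
INVENTORY = [
    ("mypc", "192.168.1.25", "00:1d:09:df:84:54"),
    ("branch-pc", "10.20.30.40", "001D.09DF.8455"),
    ("typo-pc", "192.168.1.30", "00-1D-09-DF-84"),
]

def normalize_mac(raw):
    """Return the MAC in the upper-case hyphenated form used in the article, or None if invalid."""
    digits = re.sub(r"[-:.\s]", "", raw)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return None
    digits = digits.upper()
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_directly_connected(ip, subnets=DIRECT_LAN_SUBNETS):
    """True when the IP is in a subnet attached to the firewall, so no router rewrites the source MAC."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(s) for s in subnets)

def plan(inventory, subnets=DIRECT_LAN_SUBNETS):
    """Map each label to (method, mac): 'mac-host-rule', 'user-mac-binding' or 'invalid-mac'."""
    result = {}
    for label, ip, raw_mac in inventory:
        mac = normalize_mac(raw_mac)
        if mac is None:
            # Keep the raw value so the admin can find and correct the record.
            result[label] = ("invalid-mac", raw_mac)
        elif is_directly_connected(ip, subnets):
            result[label] = ("mac-host-rule", mac)
        else:
            # Routed traffic arrives with the router's MAC, not the client's.
            result[label] = ("user-mac-binding", mac)
    return result

if __name__ == "__main__":
    for label, (method, mac) in plan(INVENTORY).items():
        print(f"{label:10} {method:18} {mac}")
```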
Document version – 1.0-15/07/2009