HomeHome ArticlesArticles Most Popular ArticlesMost Popular Articles Most Helpful ArticlesMost Helpful Articles Request New ArticleRequest New Article
RSS Feeds
DrillDown Icon Table of Contents
DrillDown Icon Knowledge Base Information
DrillDown Icon Cyberoam Security Appliances (UTM and NGFW)
DrillDown Icon FAQs on Cyberoam and Sophos Firewall
DrillDown Icon Vulnerability Security Advisories
DrillDown Icon Best Practices & Policies
DrillDown Icon Protect Your Cyberoam Appliances from Power Fluctuations
DrillDown Icon Technical Library
DrillDown Icon Deployment
DrillDown Icon Registration & Licensing
DrillDown Icon System
DrillDown Icon Objects
DrillDown Icon Network
DrillDown Icon Identity
DrillDown Icon Firewall
DrillDown Icon How to disable Email notification for virtual host failover?
DrillDown Icon Open a Specific Port in Cyberoam
DrillDown Icon Configure Virtual Host using FQDN
DrillDown Icon Configure HTTPS inspection using third-party Certificate
DrillDown Icon Exclude Users’ Data Accounting for Specific Traffic
DrillDown Icon Block Internet access for IPv6-based traffic
DrillDown Icon Import Trusted MAC Address from CSV File
DrillDown Icon Allow Remote Desktop Connection of Internal Network Resources over Internet
DrillDown Icon Allow Only Email Traffic While Blocking All Internet Access
DrillDown Icon Does Cyberoam protect the network against IP Spoofing?
DrillDown Icon Configure Location-aware Identity-based Access Control Policy
DrillDown Icon Configure Virtual Host with Load Balancing and Health Checking
DrillDown Icon Allow Access to Internal Server Behind Cyberoam Using Non-Standard Port
DrillDown Icon Create a Schedule Based Firewall Rule
DrillDown Icon How to create a Country-based Firewall Rule
DrillDown Icon Create Source NAT Policy in Cyberoam
DrillDown Icon Create DoS Bypass Rule
DrillDown Icon Configure Port Forwarding using Virtual Host to access devices on Internal network
DrillDown Icon Publish Internal Server over Internet
DrillDown Icon Block Internet Access Based on MAC Address
DrillDown Icon Configure Policy-based Routing
DrillDown Icon How can I protect my network’s internal resources from becoming zombies and being illegitimately used for Spamming?
DrillDown Icon How to find out the country to which an IP Address belongs?
DrillDown Icon How to NAT Cyberoam generated traffic?
DrillDown Icon Why client computers are not able to get DHCP lease IP after deployment of Cyberoam in bridge mode between DHCP Server and Clien
DrillDown Icon How can we enable Strict Authentication for unauthenticated users?
DrillDown Icon Create Reflexive Firewall Rules to publish Internal Server
DrillDown Icon How to prevent TCP Split Handshake spoof attack?
DrillDown Icon VPN
DrillDown Icon IPS
DrillDown Icon Web Filter
DrillDown Icon Application Filter
DrillDown Icon Web Application Firewall (WAF)
DrillDown Icon IM
DrillDown Icon Quality of Service (QoS)
DrillDown Icon Anti Virus
DrillDown Icon Anti Spam
DrillDown Icon Logs & Reports
DrillDown Icon Clients
DrillDown Icon Cyberoam Maintenance
DrillDown Icon Compatibility
DrillDown Icon Archives
DrillDown Icon Cyberoam Virtual Security
DrillDown Icon Cyberoam iView
DrillDown Icon Cyberoam Central Console
DrillDown Icon Cyberoam's On-Cloud Management Service
  Subscribe Print PreviewPrint Current Article and All Sub-Articles
Rate Icon Rate Icon Rate Icon Rate Icon Rate Icon
Block Internet Access Based on MAC Address

Applicable Version: 10.00 onwards


MAC address filtering is more secure than IP address filtering as MAC address is rarely changed.


In DHCP environment, the IP addresses of host change dynamically and hence filtering over MAC address is more reliable and feasible to identify and filter source and destination of the network traffic.


In wireless environment (WLAN), the most common security measure to prevent the unwanted network access is MAC address filtering. Here, the router is configured to accept traffic from specific MAC addresses only and whitelisted devices are assigned new IP addresses through DHCP. In this way, the hosts retain their ability to communicate with the Network. Any attempt to communicate by masquerading the IP address will be blocked as the attacker’s MAC address will not match with the MAC address of the whitelisted devices.



Block Internet access for IPv6 traffic based on MAC Address.


The entire configuration is to be done from Cyberoam Web Admin Console using profile having read-write administrative rights for relevant feature(s).

Step 1: Add MAC host

Go to Objects > Hosts > MAC Host and click Add to add a MAC host. Specify the parameters as shown in the table below:







Specify a name to identify the MAC host.


MAC Address

Select the MAC Type.

Available options:

·        MAC Address

·        MAC List

MAC Address


Specify the MAC Address of the host.



Click OK to add the MAC host.

Step 2: Create Firewall Rule to block Internet Traffic from the MAC Host

Go to Firewall > Rule > IPv4Rule and click Add to add a new firewall rule.


Specify the parameters according to the table given below:







Specify a name to identify the firewall rule.




Select source and destination zone to which the rule applies.

Network / Host


From the drop down menu, selectMAC Hostand then the MAC Host created instep 1.



Specify the action for the traffic matching the criteria.



Click OK to add the rule.


To block IPv6 traffic, you can define an IPv6 firewall rule similarly.


This rule blocks entire IPv4 traffic for the MAC host 37-97-0E-AB-56-46 originating from LAN and destined for WAN.





MAC-based internet filtering works only when the network nodes are directly connected to Cyberoam. So, in network scenarios where the nodes are connected via a firewall, router or a layer 3 switch, User-MAC binding must be enabled, for details, refer article How do I enable User/MAC Binding?



                                                                                                                                                Document Version: 1.0 – 24 November, 2014


Related Articles

Article ID: 1985