Reflexion will be End-of-life on March 31,2023. See Sophos Reflexion EoL FAQs to learn more.
Hello,
I found this 12 year old thread,
Block certain mac address to get ip from dhcp pool
and would like to know if it is now possible to prevent the assignment of IP addresses to specific MAC addresses.
Thanks
Hello busthead ,Thank you for reaching out to the community, you can create a network defination for the MAC Address [Path: Definitions & users > Network Definitions > MAC Address] And then you can use the definition to allow/block !
Thanks & Regards,_______________________________________________________________
Vivek Jagad | Team Lead, Global Support & Services
Sophos Community | Product Documentation | Sophos Techvids | SMSIf a post solves your question please use the 'Verify Answer' button.
Vivek, don't you think that "blocking" is unnecessarily complicated? Why not just create a Network Host with static mapping and assign the MAC to a specific address outside the range of the DHCP server?
Cheers - Bob
Vivek Jagad said:then you can use the definition to allow/block !
Where is the UTM UI is there an option to block by MAC address?
It is just the rule action drop/reject with source MAC, but go with the BAlfson suggestion busthead !
BAlfson said: just create a Network Host with static mapping and assign the MAC to a specific address outside the range of the DHCP server
I created the recommended Network Host definitions but the hosts are still being assigned IP addresses from my DHCP server:
Vivek Jagad said:It is just the rule action drop/reject with source MAC
Vivek Jagad I created MAC Address Definitions but they don't appear to be a valid firewall rule Source:
Hi,
I think you need to define/select the DHCP server, that you want to prevent assigning address to this host like in my settings:
Mit freundlichem Gruß, best regards from Germany,
Philipp Rusch
New Vision GmbH, GermanySophos Silver-Partner
If a post solves your question please use the 'Verify Answer' button.
jprusch said:I think you need to define/select the DHCP server, that you want to prevent assigning address to
So you're saying that I have to create a second DHCP server just to NOT assign an IP address to these hosts?
Not a second one, you need to select your DHCP server there. Because you want to prevent this server from servicing for this MAC. Therefore you define a static mapping and then this server knows, ok, there is already a definition, I don't need to bother with this host.
Ah! Gotcha. I'll try that...didn't work unfortunately:
hey busthead ,it can be used to further restrict a rule based on hosts/IP addresses to only match devices which have one of the defined MAC addresses.So for reference see the screenshot below:Step1Step2Select the Source MAC Address: And select the action based on your requirement either allow/drop/reject