I found this 12 year old thread,
Block certain mac address to get ip from dhcp pool
and would like to know if it is now possible to prevent the assignment of IP addresses to specific MAC addresses.
Hello busthead, thank you for reaching out to the community. You can create a network definition for the MAC Address [Path: Definitions & users > Network Definitions > MAC Address], and then you can use the definition to allow/block!
Thanks & Regards,
Vivek Jagad | Team Lead, Global Support & Services
Vivek Jagad said: then you can use the definition to allow/block!
Where in the UTM UI is there an option to block by MAC address?
It is just the rule action drop/reject with source MAC, but go with the BAlfson suggestion, busthead!
Vivek Jagad said: It is just the rule action drop/reject with source MAC
Vivek Jagad, I created MAC Address Definitions, but they don't appear to be a valid firewall rule Source:
Hey busthead, it can be used to further restrict a rule based on hosts/IP addresses to only match devices which have one of the defined MAC addresses. So for reference see the screenshot below:
Step 1
Step 2
Select the Source MAC Address, and select the action based on your requirement: either allow/drop/reject.
Thanks for clarifying. Unfortunately, specifying their MAC under Advanced didn't prevent the hosts from being assigned an IP address:
Either you can put the computer on a vlan/subnet that doesn't have a DHCP server on it. Don't enable DHCP Relay for that subnet and you're fine. Or, just assign a static IP.
Vivek Jagad said: put the computer on a vlan/subnet that doesn't have a DHCP server on it.
Good idea but these are unknown hosts (I can't find them) so I can't change their configuration.
Other than running another DHCP server on the VLAN, is there a way to restrict their MAC addresses to the VLAN on the UTM side?
I created a VLAN:
And a DHCP server on the VLAN interface (Unknown):
Static mappings for the unknown hosts in the Unknown address space:
And they are still receiving an IP address from my production DHCP server:
Blocking hosts shouldn't be this difficult. Ubiquiti can do it with three clicks...
busthead said: Good idea but these are unknown hosts (I can't find them) so I can't change their configuration
We do it the other way 'round. Any unknown MAC goes into a quarantine VLAN with no further network or internet access (we use the wireless hotspot for this; it also works on wired networks). Better for security.
^^How are you doing this? What determines the MAC going into the quarantine VLAN?
Alan Brand said: Any unknown MAC goes into a quarantine VLAN
Alan Brand, I would also like to know how you are doing this.