Router that can control port access?

jyi786

I was wondering if there was such a thing as a router/managed switch that has like 4-8 ports or more on it, that can control what ports can have internet access or intranet access. Any suggestions?
 
If you want lower end stuff, look at MAC filtering.
Higher end stuff you will want to look into port security, ACLs, VLANs, etc.
 
If you want lower end stuff, look at MAC filtering.
Higher end stuff you will want to look into port security, ACLs, VLANs, etc.

Hmmmm. MAC filtering. First time I ever heard of this.

So basically within the router, you will check all connected devices, and, whatever MAC address you want blocked from either sending or receiving packets on whatever protocols/ports, you'd specify? So basically like keyword URL filtering?
 
So you've heard of ACLs and port security but not MAC filtering in lower end SOHO equipment to do what you want to do? hmm.....
Generally when you MAC filter anything it's on a per medium/interface basis, like MAC filtering through your WiFi or your LAN, not on a per protocol basis. For that you would need something more robust that can do ACLs.

I temporarily hooked up a pretty old Blitzz router a few days ago to test something out. The MAC filtering was done as the device appeared on the network, then I would select to either filter the device or permit it to access the LAN. I could also drill down access even more and permit specific MAC addresses access outbound (to the internet).
 
So you've heard of ACLs and port security but not MAC filtering in lower end SOHO equipment to do what you want to do? hmm.....

Yeah, either that or my meds kicking in. :p

Seriously, I suppose that would be much better anyway than what I was looking for initially, which is port control, since no matter what you plug the cable into, if it's carrying the same MAC address you'll get blocked no matter what.
 
IMO I wouldn't use MAC filtering, it's easy to bypass and hack.
I would do as you seem to have intended: segment by 'port' on the router.
Place a segment of machines on the 'port' / VLAN / network segment of your choosing, then place an ACL (firewall rule) on that segment/VLAN of no internet access.
 
IMO I wouldn't use MAC filtering, it's easy to bypass and hack.
I would do as you seem to have intended: segment by 'port' on the router.
Place a segment of machines on the 'port' / VLAN / network segment of your choosing, then place an ACL (firewall rule) on that segment/VLAN of no internet access.

If you don't have physical security over your router then you don't have any security at all. Just a rule I live by.


But this does stand to reason in a large environment where you have cables run to god knows where and you can't always see the end connections. In your home MAC filtering works fine.
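The port/VLAN plus ACL approach suggested in the thread, modeled as an added example (not from any poster and not any router's own configuration syntax). The port numbers, VLAN ids, MAC addresses and IP addresses are constructed, and "intranet" is assumed to mean the RFC 1918 private ranges.

```python
import ipaddress

# Constructed sample layout: switch port number -> VLAN id (assumed values).
PORT_VLAN = {1: 10, 2: 10, 3: 20, 4: 20}

# Private (intranet) ranges; any other destination is treated as "internet".
INTRANET = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = ipaddress.ip_network("0.0.0.0/0")

# Per-VLAN ACL, evaluated top-down, first match wins.
# VLAN 10: full access. VLAN 20: intranet only, no internet access.
VLAN_ACL = {
    10: [("permit", ANY)],
    20: [("permit", n) for n in INTRANET] + [("deny", ANY)],
}

def allowed(ingress_port, src_mac, dst_ip):
    """Return True if a frame entering on ingress_port may reach dst_ip.

    src_mac is accepted but deliberately ignored: the decision depends only
    on the physical port (and so the VLAN) the frame arrived on, so changing
    the MAC a device presents does not change the outcome.
    """
    vlan = PORT_VLAN.get(ingress_port)
    if vlan is None:
        return False                      # unassigned port: default deny
    dst = ipaddress.ip_address(dst_ip)
    for action, net in VLAN_ACL.get(vlan, []):
        if dst in net:
            return action == "permit"
    return False                          # implicit deny ends every ACL

if __name__ == "__main__":
    samples = [                           # constructed test traffic
        (1, "aa:aa:aa:aa:aa:01", "203.0.113.5"),
        (3, "aa:aa:aa:aa:aa:02", "203.0.113.5"),
        (3, "aa:aa:aa:aa:aa:01", "203.0.113.5"),   # same port, other MAC
        (3, "aa:aa:aa:aa:aa:02", "192.168.1.10"),
    ]
    for port, mac, dst in samples:
        verdict = "permit" if allowed(port, mac, dst) else "deny"
        print(f"port {port} mac {mac} -> {dst}: {verdict}")
```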
 