This article explains how to configure MAC filtering policies. MAC Filtering is a policy-based mechanism for blocking or forwarding Layer 2 traffic on bridged WAN interfaces. MAC filtering is applied to all LAN or WIFI connected devices.
Only one policy may be applied per bridged interface. By default, all Layer 2 traffic is forwarded between the WAN and LAN interfaces.
MAC Filtering is only effective on ATM PVCs configured in Bridge mode. “Forwarded” means that all MAC layer frames will be forwarded except those matching any of the rules specified in the rule table. “Blocked” means that all MAC layer frames will be blocked except those matching any of the rules defined in the rule table.
Preparation
- The rules in the Policy defined here determine whether traffic is to be forwarded or blocked. Each time the Policy setting is changed, all existing rules are removed automatically.
- If a bridged WAN service has not been configured on the gateway, an error message may appear stating, “No Bridge WAN Service found, Bridged WAN service is needed to configure this device”. Before proceeding, add or configure a Layer 2 interface with a Bridge type. Instructions are provided in How To Set Up WAN Bridging.
Step-by-Step Guide
- Log into the gateway’s GUI.
- In the left menu, click Advanced Setup > Security > MAC Filtering. The MAC Filtering Setup page appears.
- To create a new rule, click Add. The Add MAC Filter page appears.
- Select a Protocol Type. Options are PPPoE, IPv4, IPv6, AppleTalk, IPX, NetBEUI, and IGMP.
- Fill in the Destination and Source MAC Address fields with the desired MAC addresses. Make sure to include colons.
- Select the Frame Direction. Options are WAN to LAN, LAN to WAN, and both directions.
- If multiple bridged interfaces are defined for your system, in the WAN Interfaces section, fill in the fields as applicable. Detailed scenarios are provided in the use cases below.
- Click Save/Apply.
Use Case: Block all traffic except to a specified MAC
For this scenario, the CPE is sitting behind an ONT. The desired setup would allow only communication from the ONT to a single specific PC. No other device may communicate through the SmartRG gateway, via LAN or WIFI. The diagram below illustrates this scenario.
For this scenario, settings (on the Add MAC Filter page) would be similar to those listed below:
- Protocol Type: IPv4
- Destination MAC Address: AA:BB:CC:44:55:66
- Source MAC Address: 11:22:33:AA:BB:CC
- Frame Direction: LAN<=>WAN
- WAN Interfaces: br_0_0_36/atm1.1
On the MAC Filtering Setup page, the result would look like the following screen capture.
Use Case: Allow all traffic except to a specified MAC
For this scenario, the CPE is connected directly to the Internet. The desired setup would allow all traffic except that to a specified MAC. With this setup, all traffic will be allowed to communicate through the CPE, LAN or WIFI, to all devices not specified in a MAC Filtering rule. The diagram below illustrates this scenario.
For this scenario, settings (on the Add MAC Filter page) would be similar to those listed below:
- Protocol Type: IPv4
- Destination MAC Address: AA:BB:CC:44:55:66
- Source MAC Address: 11:22:33:AA:BB:CC
- Frame Direction: LAN<=>WAN (Both directions)
- WAN Interfaces: br_0_0_35/atm0.l
On the MAC Filtering Setup page, to block traffic to the specified MAC address, click the Change checkbox in the Policy table and then click the Change button. The result would look like the following screen capture.
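The Forwarded/Blocked policy semantics and the rule from the two use cases above, modelled in Python as an added example (not SmartRG code and not part of the original article). The class and function names, the direction strings `LAN=>WAN` and `WAN=>LAN`, the exact-match comparison on every field and the sample frames are assumptions made for the illustration.

```python
"""Model of the Forwarded/Blocked policy semantics (added example, not gateway firmware)."""
from dataclasses import dataclass, field

FORWARDED, BLOCKED, BOTH = "FORWARDED", "BLOCKED", "LAN<=>WAN"

@dataclass(frozen=True)
class Frame:
    protocol: str
    dst_mac: str
    src_mac: str
    direction: str  # assumed labels "LAN=>WAN" / "WAN=>LAN"; a rule may also use BOTH

Rule = Frame  # a rule carries the same fields as the Add MAC Filter page

@dataclass
class BridgeFilter:
    interface: str                       # one policy per bridged interface
    policy: str = FORWARDED              # default: forward all Layer 2 traffic
    rules: list = field(default_factory=list)

    def change_policy(self):
        # Changing the policy removes all existing rules automatically.
        self.policy = BLOCKED if self.policy == FORWARDED else FORWARDED
        self.rules.clear()

    @staticmethod
    def _matches(rule, frame):
        # Assumption: all fields must match; MACs compare case-insensitively.
        return (rule.protocol == frame.protocol
                and rule.dst_mac.lower() == frame.dst_mac.lower()
                and rule.src_mac.lower() == frame.src_mac.lower()
                and rule.direction in (BOTH, frame.direction))

    def passes(self, frame):
        hit = any(self._matches(r, frame) for r in self.rules)
        # Forwarded: matching frames are the exceptions and are dropped.
        # Blocked: matching frames are the only ones let through.
        return not hit if self.policy == FORWARDED else hit

def build(policy):
    """Filter holding the rule from the use cases under the given policy."""
    f = BridgeFilter("br_0_0_36/atm1.1")
    if policy != f.policy:
        f.change_policy()                # rules must be added after this call
    f.rules.append(Rule("IPv4", "AA:BB:CC:44:55:66", "11:22:33:AA:BB:CC", BOTH))
    return f

# Constructed sample frames
LISTED = Frame("IPv4", "aa:bb:cc:44:55:66", "11:22:33:aa:bb:cc", "WAN=>LAN")
OTHER = Frame("IPv4", "AA:BB:CC:44:55:67", "11:22:33:AA:BB:CC", "WAN=>LAN")
REPLY = Frame("IPv4", "11:22:33:AA:BB:CC", "AA:BB:CC:44:55:66", "LAN=>WAN")
```

In this model a reply frame with the two addresses swapped does not match the rule, so under the Blocked policy it is dropped. Check on the device whether return traffic needs its own rule.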
Setting up a Bridged WAN Service
- Log into the gateway's GUI.
- In the left menu, click Advanced Setup > WAN Service.
- Click Add.
- Select the Layer 2 interface that you want to use and click Next. The WAN Service Configuration page appears.
- Select the Bridging option.
- Configure the remaining settings as needed and click Next. The WAN Setup – Summary page appears.
- Review the settings and then click Apply/Save.
The bridged WAN service is configured.