Prevent IP Address Assignment via MAC Addr

Hello,

I found this 12 year old thread,

 Block certain mac address to get ip from dhcp pool 

and would like to know if it is now possible to prevent the assignment of IP addresses to specific MAC addresses.

Thanks



This thread was automatically locked due to age.

Top Replies

  • either you can put the computer on a vlan

    How does one put a computer on a VLAN in this context? He would need to be using a switch that does MAC-based VLAN assignments (a cheap Netgear GS308T does this). I'm not sure how this is possible otherwise if the clients in question are on the same LAN segment.

    Simply defining a VLAN in UTM is insufficient. Client needs to be placed on that VLAN by some means - either MAC-based VLAN switch, or VLAN definition in the client NIC settings. Unless I'm missing something, just defining a VLAN in UTM does nothing for the above considerations.

    Using MAC-based VLAN is quite simple. Assign client to an undefined VLAN - that is a VLAN which has no services available. Client will never get an IP, nor be able to access any other part of the LAN.

    Blocking by firewall isn't optimal either as that doesn't affect other mechanisms such as web proxy, which will allow access.

    Toggling "Clients with static mappings only" in the UTM DHCP server setting achieves what the OP is after, so long as all other connected clients have been defined in UTM. Unknown clients get no DHCP assignment. This is a bit of using a sledgehammer on a picture nail type solution. What happens when a new unknown client is connected... it won't have any network services.


    OP's request seems quite simple, yet there doesn't appear to be an elegant simple solution of literally just not assigning an IP to a matched MAC.

    Depending on the size of your network, it may work best to flip the logic and enable the static mappings toggle in the DHCP server. This will effectively assign IPs to defined clients and block all unknown.

    Or, perhaps more detail with respect to why you're trying to block these clients?

  • Hello  ,

    Thank you for reaching out to the community. You can create a network definition for the MAC address [Path: Definitions & users > Network Definitions > MAC Address]
    and then you can use the definition to allow/block!

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    If a post solves your question please use the 'Verify Answer' button.

  • Vivek, don't you think that "blocking" is unnecessarily complicated?  Why not just create a Network Host with static mapping and assign the MAC to a specific address outside the range of the DHCP server?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • just create a Network Host with static mapping and assign the MAC to a specific address outside the range of the DHCP server

    I created the recommended Network Host definitions but the hosts are still being assigned IP addresses from my DHCP server:

  • Hi,

    I think you need to define/select the DHCP server that you want to prevent from assigning an address to this host, like in my settings:

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

  • I think you need to define/select the DHCP server, that you want to prevent assigning address to

    So you're saying that I have to create a second DHCP server just to NOT assign an IP address to these hosts?

  • Not a second one, you need to select your DHCP server there. Because you want to prevent this server from servicing for this MAC. Therefore you define a static mapping and then this server knows, ok, there is already a definition, I don't need to bother with this host.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

  • Ah! Gotcha. I'll try that...didn't work unfortunately:
