Random Mac Addresses
RTtcv Newbie ✭
Is there a way on a TZ570 firewall to stop random MAC addresses from receiving an IP address from the built-in DHCP server? I can't figure out who or what is connected to see who is using too much bandwidth at times, and/or assign reservations to IP addresses when needed, as the MAC addresses keep changing.
Category: Entry Level Firewalls
TKWITS Community Legend ✭✭✭✭✭
AFAIK this is not possible with the SonicWall DHCP server.
@RTtcv , have you checked the following KB article?
How To Restrict traffic from only selected MAC addresses using MAC-IP Anti-Spoof Protection
Thank you for the link. I will see if it will work to stop devices from giving out a random MAC address and getting an IP address assigned. I'm trying to keep our guest database from getting out of hand, as people will register the same device with a completely different MAC address when they visit us and put their device on our guest network. It would work similar to a deny list for getting an IP address from the firewall based on the suffix of a MAC address. I can perform filtering on a Windows DHCP server and get the same results. Basically I'm looking for a DHCP filter like a Windows DHCP server filter, where I can use shortened MAC addresses to deny devices access to getting an IP address from the DHCP server if they are using a device with a random MAC address. If you want a screenshot, send me an email and I will show you what I am talking about. Windows servers have been able to do this for 20 years now.
Thanks for the answer. I'll be looking to another brand in the future. Random access MACs are OK for public areas, but being unable to perform a basic deny/allow as a DHCP server option, which has been available on Windows servers for more than 20 years now, on the corporate/vendor/guest wireless network is kind of important. I know I can slow them down based on VLAN/SSID, but being able to keep them from connecting and blowing up a guest database is also important to me in my situation, as well as providing priority connectivity for all wirelessly connected devices.
I don't know of a full implementation of this feature on other common non-Cisco firewall vendors.
pfSense firewalls have this capability under the DHCP scope options. I'm going to check with an engineer at Palo Alto and see if they also have it. Meraki/Cisco have had this capability.
I've never touched pfSense or Palo, so pardon my lack of information.
I may need to switch wireless vendors to Meraki for guest Wi-Fi areas, as I can apply "do not allow random access MACs" per SSID.
Here are instructions for a pfSense firewall or a Netgate firewall (which is a pfSense box).
Go to Services --> DHCP Server
Scroll down to MAC Deny.
Paste this in:
This link is for the Windows DHCP server: How to Enable and Configure DHCP MAC Address Filtering - TechNet Articles - United States (English) - TechNet Wiki (microsoft.com). Characters can be substituted with wildcards, like A2--**-**-**_
These instructions don't block a device from spoofing another device's MAC; they keep the device from getting an assigned DHCP address from the authorized DHCP server on the network/VLAN.
What do you do about nearly all modern phones/tablets generating a random MAC every time they connect to a network?
@A_Elliott I currently have no way to stop them from connecting with a random MAC and getting a DHCP address. I like the control that Meraki has per SSID. The BYOD devices all log into a VLAN that is separate from everything else, but the guest network has a login portal that captures and logs the MAC addresses of every device that authenticates to a user's account. Looking at some of the accounts in my guest portal application, the accounts have more than 10 devices associated with them, depending on how frequently they connect to the guest network/portal.
Right, but that could just be one device that randomizes its MAC address every time it connects to the network.
@A_Elliott No, that's the default on BYOD devices now. Even my phone, which was set to use the phone's MAC address, switched to random MAC addresses.
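As an added example (not from the thread or any vendor's software): a small Python script that takes DHCP lease lines, flags the leases that come from randomized MACs by checking the locally-administered bit (the reason a prefix filter like the A2 pattern above catches some of them), and applies a Windows-style wildcard deny list. The lease lines are constructed, and the wildcard semantics (`*` matching any run of characters) are an assumption.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample lease table (not real data): MAC, IP, hostname.
SAMPLE_LEASES = """\
00-1A-2B-3C-4D-5E 10.10.20.11 printer-lobby
A2-7F-10-9B-C3-44 10.10.20.57 iPhone
5E-33-8A-01-22-FE 10.10.20.58 Galaxy-S22
3C-22-FB-10-AA-01 10.10.20.59 MacBook-Pro
"""

# Deny list in the Windows DHCP filter style; only the A2 prefix, as in the thread.
DENY_PATTERNS = ["A2-*-*-*-*-*"]


def is_locally_administered(mac: str) -> bool:
    """True when bit 0x02 of the first octet (the locally-administered bit) is set.
    Randomized MACs on phones, tablets and laptops set this bit, so the second
    hex digit of the first octet is always 2, 6, A or E. A single prefix such as
    A2-* therefore catches only a fraction of them; this check catches them all."""
    first_octet = int(re.split(r"[-:]", mac.strip())[0], 16)
    return bool(first_octet & 0x02)


def matches_deny_list(mac: str, deny_patterns) -> bool:
    """Wildcard match in the Windows DHCP filter style (assumed: '*' matches
    any run of characters). Separators are normalised to '-' before matching."""
    norm = mac.strip().upper().replace(":", "-")
    return any(fnmatchcase(norm, p.upper().replace(":", "-")) for p in deny_patterns)


def classify_leases(lease_text: str, deny_patterns):
    """Return one (mac, ip, host, randomized, denied) tuple per lease line, so an
    admin can see which leases belong to randomized MACs and which a deny list
    would actually have refused."""
    rows = []
    for line in lease_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        mac, ip, host = parts[:3]
        rows.append((mac, ip, host, is_locally_administered(mac),
                     matches_deny_list(mac, deny_patterns)))
    return rows


if __name__ == "__main__":
    for mac, ip, host, randomized, denied in classify_leases(SAMPLE_LEASES, DENY_PATTERNS):
        print(f"{mac} {ip:<13} {host:<14} randomized={randomized} denied={denied}")
```

Of the two randomized leases in the sample, only the A2 one is caught by the prefix deny list; the 5E one slips through, which is why checking the locally-administered bit is the more reliable way to spot them.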