MAC-address access

Abyss13

Cadet
Joined
Jun 3, 2022
Messages
5
Hello. I need to give access to the SMB ball only to a specific set of MAC-addresses. How can I do this?
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
Short answer: You can't.

Long answer: At least not easily and with just TrueNAS. You need a layer 2 capable device like a manageable switch or a firewall between your TrueNAS and those devices. Or implement 802.1x for LAN access.
You might be able to hack the ipfw firewall that is built in, but it's definitely unsupported and manual command line wizardry.

Hint: MAC addresses can be set arbitrarily on the client device. They are way less "hardware defined" than people tend to believe. Hardware defined is only the default MAC address the interface uses unless told otherwise.
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,703
> I need to give access to the SMB ball only to a specific set of MAC-addresses. How can I do this?

To extrapolate from what @Patrick M. Hausen mentioned, if you really want to do it, the way would be to use DHCP to associate the wanted MAC addresses with known IP addresses, then restrict to those known IP addresses in TrueNAS.

You're still (as mentioned) open to some levels of "attack" if people are prepared to figure out the permitted MAC addresses and fake them on devices of their choosing.
 

Abyss13

> To extrapolate from what @Patrick M. Hausen mentioned, if you really want to do it, the way would be to use DHCP to associate the wanted MAC addresses with known IP addresses, then restrict to those known IP addresses in TrueNAS.
>
> You're still (as mentioned) open to some levels of "attack" if people are prepared to figure out the permitted MAC addresses and fake them on devices of their choosing.

I have already implemented such a scheme with DHCP. The problem is that a person can manually register a local IP that is not busy and gain access to network resources. Therefore, you need to make sure that network resources are available to certain devices. I understand that you can change the MAC address, but the bottom line is that in this case, a person needs to know the MAC of the device that is on the list of allowed for TrueNAS.
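
Added example, not part of any post in this thread: a Python audit that compares the ARP table seen on the NAS with the DHCP reservation list, to spot a manually configured address taking over a permitted IP. The reservations, the sample `arp -an` output (FreeBSD format, as on TrueNAS CORE) and the function names are constructed assumptions.

```python
import re

# Constructed DHCP reservations (MAC -> IP); replace with your own list.
RESERVATIONS = {
    "00:11:22:33:44:55": "192.168.1.10",
    "00:11:22:33:44:66": "192.168.1.11",
}

# Constructed sample of FreeBSD `arp -an` output as seen on the NAS.
SAMPLE_ARP = """\
? (192.168.1.10) at 00:11:22:33:44:55 on em0 expires in 1100 seconds [ethernet]
? (192.168.1.11) at de:ad:be:ef:00:01 on em0 expires in 900 seconds [ethernet]
? (192.168.1.50) at 00:aa:bb:cc:dd:ee on em0 expires in 800 seconds [ethernet]
? (192.168.1.12) at (incomplete) on em0 expired [ethernet]
"""

ARP_LINE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]{17}) ")


def parse_arp(text):
    """Return {ip: mac} for resolved entries; '(incomplete)' ones are skipped."""
    return {m.group(1): m.group(2).lower() for m in ARP_LINE.finditer(text)}


def audit(arp_text, reservations):
    """List (ip, mac, reason) for every pair that disagrees with the reservations."""
    mac_for_ip = {ip: mac.lower() for mac, ip in reservations.items()}
    ip_for_mac = {mac: ip for ip, mac in mac_for_ip.items()}
    findings = []
    for ip, mac in sorted(parse_arp(arp_text).items()):
        if ip in mac_for_ip:
            if mac_for_ip[ip] != mac:
                # A permitted address answered by a device it was not reserved for.
                findings.append((ip, mac, "reserved IP claimed by another MAC"))
        elif mac in ip_for_mac:
            # A known device that ignored its reservation (static config).
            findings.append((ip, mac, "reserved MAC on unreserved IP"))
        else:
            findings.append((ip, mac, "unreserved host on segment"))
    return findings


if __name__ == "__main__":
    for ip, mac, reason in audit(SAMPLE_ARP, RESERVATIONS):
        print(f"{ip:15} {mac}  {reason}")
```

A device that copies a permitted MAC together with its reserved IP produces no finding here; the layer 2 controls discussed in the thread are what address that case.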
 

Patrick M. Hausen

Then look for a switch that can do layer 2 access lists.

According to the feature navigator the Cisco 2960L series can do MAC filtering. They are on the more affordable side of Cisco's offerings and come with a perpetual license - no yearly fees.
 