Hi to all.

Having a problem with my setup. I have standard 2820 routers (not wifi). Users connect on to the system wirelessly via ap700 onto a windows server based network.

Its seems some people are using iphones / /personal devices etc on the network which I want to block, DCHP is on the windows server.

I need to block at mac address level as IP addresses change often on DHCP. Binding IP to MAC on the router doesnt work well as DCHP is on windows server, will end up blocking genuine users.

I also need to do this on a 2950 router too.

Iv'e seen http://www.draytek.com/user/SupportAppnotesDetail.php?ID=13 but this option is not on my routers?

Thanks,

Hi,

First, what version of Windows Server are you using.
Have you thought about using reservations on your Windows DHCP server. This is what I do at work and I only let authorised devices connect.

Now, since you say you are using the AP700, have you thought of setting the MAC allow list in it to only allow known MACs access to the network, this would be pretty easy to setup.

John

There's MAC address filtering using blacklists or whitelists from the Wireless LAN - Access Control section, which wont work for the first person I guess.

There is another, more roundabout way to block people based on MAC addresses using a 2820 using 3.3.5 or later firmware.

First of all, you need to go to Objects Settings then IP Object and make an object on there - you can give it an appropriate name then select MAC address as the address type and enter it in there.
You can then add that to an IP group if you want to block lots of people with one rule.

From there go to Firewall - Filter Rules - #2 Default Data Filter and on there edit the source IP and select the IP objects / groups you've made.
You would then put the action for that group as Block Immediately - that then blocks them completely from internet access through the router.