IP/MAC Binding on green only?

NethServer Version: 7.6.1810
Module: Live Centos7

Is there a way to enable IP/MAC binding to block unknown clients for the green network only? I want to leave the blue network open for guest users to be able to do internet browsing without further config.

Thank You

Is the blue interface on the same physical network as the green interface? Or is it on a separate physical network?

its a vlan from the green

There are a couple of different ways to do it.

One way is defining the vlans on the managed switch so that the clients can automatically be assigned to the correct vlan depending on the port on the switch they connect to.

How many clients will be connecting to the green vlan?

1 Like

@bwdjames Do you mean to use soething like ‘port security’ (available on cisco managed switches)?
In the past I was responsible for implementing and administration of HW address based port security in a large environment (like 2000 clients) and I can say from experience: that is a hell-of-a-job…

Hello James,

I am thinking of reserving about 100 of IP’s for guest, it’s mainly going on a vlan configured for an SSID on our APs, on LAN i already configured client / host with static assigned IP’s, i am doing this config to secure my LAN from people bringing in devices and connecting to any open port. But on WIFI i want guest to get IP’s and Internet access without us doing further configurations tis going to be an open access for guest.

Thanks

@Jonar can you show me how you have configured DHCP?

Looking at the Firehol FAQ I think you have little chances to get it to work unless you introduce a new physical interface for the blue network:
https://firehol.org/faq/#virtual-interfaces

2 Likes

@robb I was thinking something like ‘port security’ yes

Hello Guys, apology for late reply I was out of the office this past few days

With this setup what im trying to achieve is that LAN will have sets of IP’s for office computers then the other green for other devices like CCTV’s then on the blue its suppose to give out IP’s to unknown clients but if i will think of security on the green zone that unknown client macs swill get blocked the same thing happens on blue.

BTW on the IP Reservation there’s no option for which zone your reservation goes.

I think the IP/MAC Validation goes for all the interfaces going to the RED, because both on green and blue if a client does not have a configured ip reservation they can’t browse internet.