Overview
Kerio Control allows filtering by hardware addresses (MAC addresses). Filtering by MAC addresses ensures that specific devices can be allowed or denied, regardless of their IP Address.
MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists.
The MAC address filter is processed independently of traffic rules.
Solution
- In the administration interface, go to Security Settings.
- On the MAC Filter tab, select Enable MAC Filter.
- Select the network interface where the MAC filter will be applied (usually LAN).
- Select the filter mode:
- Prevent listed computers from accessing the network — The filter blocks only MAC addresses included in the list. This mode can be used to block known MAC addresses but does not filter traffic of new, unknown devices.
- Permit only listed computers to access the network — The filter allows only MAC addresses included in the list, any other address is blocked. Select the Also permit MAC addresses used in DHCP reservations or automatic user login option if you use automatic user login and DHCP reservation by MAC. MAC addresses allowed by automatic user login and DHCP reservations are not visible in the MAC addresses list (see below).
- Add MAC addresses to the list by clicking on the Add... button.
Enter the Description and the MAC address. You can use the following separator in the MAC addresses:- colons (e.g.:
a0:de:bf:33:ce:12
) - dashes (e.g.:
a0-de-bf-33-ce-12
) - no separators (
a0debf33ce12
)
- colons (e.g.:
- Double-check that listed addresses are correct.
- Click Apply.
Confirmation
Your Mac filter is fully configured and active.