
[Archive] Can I manage network or Internet access by MAC address?


Article ID: KB5170 | KB Last Updated: 09 Sep 2019 | Version: 5.0
Summary:
Operator wants to manage or restrict user access to network resources by MAC address.  Is this possible?
Symptoms:
  • Can I manage or restrict user access to network resources by MAC address?
  • Filter based on a layer 2 MAC address?
  • Block by MAC address?
Solution:

Juniper NetScreen firewalls are layer 3 (Network Layer) devices. MAC addresses operate at layer 2. Juniper has no plans to support filtering by MAC address.

Additionally, it is relatively easy to "spoof" a MAC address, which would render this type of filtering ineffective for rigorous enforcement.

If the firewall also provides DHCP service to the network, a very weak protection could be accomplished by restricting the target MAC address to a specific IP address, then blocking that IP address. This would only work against non-malicious users; it would not stop an intentional attempt to override the control (for example, the user could simply give themselves a fixed IP address in the permitted range).
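The following added example (not Juniper code) shows how an administrator could audit the DHCP-reservation workaround described above by comparing reservations against observed ARP entries. All names, addresses and data are constructed for illustration; the input formats are assumptions.

```python
import re

def norm_mac(mac):
    """Normalize any common MAC notation to lowercase colon-separated form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(reservations, blocked_ips, arp_entries):
    """Flag ARP entries that contradict the DHCP reservation table.

    reservations: {mac: ip} bindings configured on the DHCP server
    blocked_ips:  IPs denied by firewall policy
    arp_entries:  [(ip, mac)] pairs observed on the segment
    """
    reserved = {norm_mac(m): ip for m, ip in reservations.items()}
    ip_owner = {ip: m for m, ip in reserved.items()}
    findings = []
    for ip, mac in arp_entries:
        mac = norm_mac(mac)
        expected_ip = reserved.get(mac)
        if expected_ip in blocked_ips and ip != expected_ip:
            # Restricted host configured a fixed IP, sidestepping the block.
            findings.append((mac, ip, "restricted MAC outside its blocked reservation"))
        elif ip in ip_owner and ip_owner[ip] != mac:
            # Another host has statically taken an IP reserved for someone else.
            findings.append((mac, ip, "reserved IP seen with a different MAC"))
    return findings

# Constructed sample data (hypothetical addresses).
RESERVATIONS = {
    "00-AA-BB-CC-DD-01": "10.1.1.50",   # restricted device
    "00aa.bbcc.dd02": "10.1.1.51",
    "00:aa:bb:cc:dd:03": "10.1.1.52",
}
BLOCKED_IPS = {"10.1.1.50"}
ARP_TABLE = [
    ("10.1.1.77", "00:AA:BB:CC:DD:01"),  # restricted MAC on a self-assigned IP
    ("10.1.1.51", "00:aa:bb:cc:dd:02"),  # matches its reservation
    ("10.1.1.52", "00:aa:bb:cc:dd:99"),  # reserved IP, unexpected MAC
]

if __name__ == "__main__":
    for mac, ip, reason in audit(RESERVATIONS, BLOCKED_IPS, ARP_TABLE):
        print(f"{mac} at {ip}: {reason}")
```

A spoofed MAC address appears in the ARP table as the spoofed value, so this audit cannot detect it.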

The most effective method for managing access is a formal Network Access Control (NAC) methodology.

Modification History:
2019-08-26: Article reviewed for accuracy.  Minor format changes.