July 2020 Archives

Thu Jul 16 11:44:23 +07 2020

Add MAC address to the filter for SMC smart classroom

Smart classroom are set to use the specific SSID SMC.In order to prevent anyone using that SSID, a filtering has been setup on the MAC addresses of the devices that are allowed to connect to that wireless network.

The operating system DD-WRT used on the WiFi access points in CSIM does not allow MAC filtering per SSID, only per interface, so the filtering has to be done at the wouter level.

  1. Connect to CSIM router.

  2. List the existing MAC filtering rules withe the command:
    show firewall name SMCOutFilter
    
    The result should look like:
    IPv4 Firewall "SMCOutFilter":
    
     Active on (eth3.13,IN)
    
    rule  action   proto     packets  bytes                                   
    ----  ------   -----     -------  -----                                   
    1     accept   all       119375   14027513                                
      condition - MAC xx:xx:xx:xx:xx:xx
    
    2     accept   all       2817     597981                                  
      condition - MAC yy:yy:yy:yy:yy:yy
    
    10000 drop     all       1902     121212                                  
    
    vyatta@vyatta:~$
    
  3. Enter Vyatta configuration mode, use the command:
    configure 
    
  4. Choose the next available rule, in the above example rule 3 and add a new rule:
    set firewall name SMCOutFilter rule 3 action accept 
    set firewall name SMCOutFilter rule 3 source mac-address xx:xx:xx:xx:xx:xx
    set firewall name SMCOutFilter rule 3 description "name of the devicce"
    

    Where xx:xx:xx:xx:xx:xx is the MAC address of the device and name of the devicce is a short description of the device, it;s owner, etc.

  5. Verify the new rule:
    show firewall name SMCOutFilter
    
    You expect to see the following in the listing:
    +rule 3 {
    +    action accept
    +    description "name of the devicce"
    +    source {
    +        mac-address xx:xx:xx:xx:xx:xx
    +    }
    

    The symbol + at the begining of the line means the rule has been added but is not yet committed.

  6. Commit the new rule:
    commit
    
    And save the configuration:
    save
    
  7. Tules are deleted with the command:
    delete firewall name SMCOutFilter rule n
    

    Where n is the number of the rule to be deleted.

    This had to be committed and saved too.


Posted by Olivier | Permanent link