Hi All

I am trying to find out how to enable MAC filtering on my LAN. Basically, when a user connects to the network (either by a tagged WiFi or LAN port), it hits the draytek and they get an IP from the respective LAN / DHCP pool. This works fine, VLAN's and all.

What I want to happen is that when a user tries to connect the 3900 fires off a MAC authentication request to my RADIUS server, and if my RADIUS server sends an Access-Accept back, provide the user with DHCP and allow then on as normal. If an Access-Reject, they are not allowed on (either by not providing an IP or redirect to a captive portal/hotspot page).

Is it possible to limit LAN clients by MAC address like this?

Thanks

James

On the DrayOS models, using the internal DHCP server, there is a 'strict bind' facility which means an unrecognised MAC won't get an IP address (and maybe not given Internet access ?) so the V3900 may do similar...but surely if you're using Radius, it's up to the radius server to authenticate the MAC and if it doesn't, I'd assume the router would react - i.e. not give an address.

The proper redirect features, using for 3rd party Wifi portals and the like are on the DrayOS models like the V2862 I think. That uses Radius and redirects to a registration portal if the user is not authenticated but I don't think that's available on the V3900.

Thanks for the reply. Yeah, get what you're saying, but can't even find a setting to enable MAC auth on the LAN interface(s) on the V3900... so can't get it to talk to my RADIUS to begin with. Surprising that it lacks this feature!

Yes... I think you'll need a Vigor 2862 or whatever (or 3220 if you need 4 WANs but check).