Hi All

I know its possible to add a Wireless MAC Access list to a DrayTek Router but Is it possible to add a Wired MAC Access list to a DrayTek ?

Basically i want 2 devices plugged into the router which will be allowed to access the router / internet service but authorised because their MAC addresses are on the accept list...

The only way i can think of is to setup MAC to IP and then setup a Filter in the Firewall to accept outbound traffic on the required IPs...

Any advice would be appreciated.

I typed this reply in about 5 times now, and the flamin' forum software keeps inviting me to login, every time I hit "Preview" and then loses all the text ... it's ended up rather terse

If you really want to authenticate the device 'on to the wire', then 802.1x is probably (part of) the answer: https://www.draytek.co.uk/support/guides/kb-wired-8021x

But personally, I think a VLAN will suffice...

See: https://www.draytek.co.uk/information/our-technology/vlans

If the 2 devices are currently plugged into a switch shared with other devices, you'll need to upgrade it to one that supports VLAN-tagging (unless they happen to have a network adapter that supports VLAN tags). But if they're already in their own ports on the Router, you should just be able to make it 'port-based'.

Just using 'Bind MAC to IP' won't really give you what you want: a) it could be circumvented by reconfiguring the device to have a static IP address and b) those devices would still have access to the LAN (that traffic staying in the 'switch' section ... and not travelling through the firewall)

Bind IP to MAC should work for this. IF the Strict Bind option is enabled, the router will only communicate with the MAC addresses in the Bind IP to MAC list, using the specified IP addresses.

802.1x on the LAN ports is another option but that's a bit more work to set up.

admin3 wrote:
Bind IP to MAC should work for this. IF the Strict Bind option is enabled, the router will only communicate with the MAC addresses in the Bind IP to MAC list, using the specified IP addresses.

Agreed that 'Strict Bind' is a useful part of the armoury, but if applied with no other changes, then every device on that LAN would have to appear in the 'Bind IP to MAC' list.

hornbyp wrote:
I typed this reply in about 5 times now, and the flamin' forum software keeps inviting me to login, every time I hit "Preview" and then loses all the text ... it's ended up rather terse

Ahh, it isn't only me then , maybe the server has cornavirus :evil: It is getting rather silly with being logged in but having to login again to read/reply/type. Also seen many replies simply vanish upon hitting the reply button. Time to use a decent software
phpPBB is appallingly bad.