
Author Topic: Infoblox - MAC address filters  (Read 6430 times)

Offline Michael McNamara
Infoblox - MAC address filters
« on: March 07, 2012, 02:45:23 PM »
This week we're implementing the MAC filtering capability in our Infoblox appliances.

The goal is to prevent unauthorized devices from connecting to our internal wired/wireless networks and obtaining a DHCP IP address. The specific problem we had was people connecting their personal devices to our internal wireless network. They were able to do this because they had valid user credentials (they are employees) and Apple makes 802.1X/EAP authentication to a WPA/WPA2 network pretty easy.

With the MAC filter in place the Infoblox appliances will only provide a DHCP IP address to any device that is listed in the MAC list (filter).

I did take the time over the past 60 days to build a "grandfather" list so the initial implementation would be less painful. I essentially dumped all the MAC addresses from Infoblox every 3 hours to a MySQL database. I then compiled a list of unique (SELECT DISTINCT(MAC) FROM TABLE) MAC addresses from the MySQL database and used that to build my initial MAC list.

I had 14,221 entries in the initial MAC filter which caused our database utilization to grow by 3%.

Our approach to BYOD is to allow employees (with their manager's approval) the ability to connect to the public WiFi network from which they can connect to our Juniper or Citrix NetScaler environments for remote access.

Anyone else doing MAC filtering in their DHCP servers or at the Ethernet port level?

Cheers!
We've been helping network engineers, system administrators and technology professionals since June 2009.
If you've found this site useful or helpful, please help me spread the word. Link to us in your blog or homepage - Thanks!
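
The grandfather-list step described in the post above, as an added example that is not part of the original post: it deduplicates on a normalized MAC rather than the raw string, so the same adapter recorded in different notations counts once, and it sets aside multicast, locally administered and malformed values instead of allowing them. The row layout, sample values and function names are constructed for illustration and are not Infoblox's export format.

```python
import re
from collections import defaultdict

# Constructed sample rows (snapshot time, MAC as recorded); not Infoblox's export format.
SAMPLE_ROWS = [
    ("2012-01-08 00:00", "00:1A:2B:3C:4D:5E"),
    ("2012-01-08 03:00", "00-1a-2b-3c-4d-5e"),   # same adapter, different notation
    ("2012-01-08 03:00", "001a.2b3c.4d5f"),
    ("2012-01-08 06:00", "02:00:5e:10:00:01"),   # locally administered bit set
    ("2012-01-08 06:00", "01:00:5e:00:00:fb"),   # multicast, never a client address
    ("2012-01-08 09:00", "00:1a:2b:3c:4d"),      # truncated, malformed
    ("2012-01-08 09:00", "001A2B3C4D5F"),
]

def normalize_mac(raw):
    """Return the MAC as lowercase colon-separated hex, or None if malformed."""
    digits = re.sub(r"[:.\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_grandfather_list(rows):
    """Deduplicate on the normalized MAC and separate entries needing review."""
    seen = defaultdict(set)          # mac -> snapshot times it appeared in
    rejected = []
    for snapshot, raw in rows:
        mac = normalize_mac(raw)
        if mac is None:
            rejected.append(raw)
        else:
            seen[mac].add(snapshot)
    allow, review = {}, {}
    for mac, snapshots in seen.items():
        first_octet = int(mac[:2], 16)
        if first_octet & 0x01:       # group (multicast) bit
            rejected.append(mac)
        elif first_octet & 0x02:     # locally administered, not a burned-in address
            review[mac] = len(snapshots)
        else:
            allow[mac] = len(snapshots)
    return allow, review, rejected

if __name__ == "__main__":
    allow, review, rejected = build_grandfather_list(SAMPLE_ROWS)
    for mac in sorted(allow):
        print(mac, "seen in", allow[mac], "snapshots")
    print("review:", sorted(review), "rejected:", rejected)
```

The snapshot count kept per MAC shows how often a device appeared during the collection window, which helps when deciding whether a one-off entry belongs in the initial filter.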


Offline Flintstone
Re: Infoblox - MAC address filters
« Reply #1 on: March 07, 2012, 04:17:42 PM »
Michael,

I think I have mentioned to you before that at the Ethernet port level we use 802.1x and MAC filtering where not supported.  A bit of pain to manage but at least we control access at the edge?

CheerZ