Description
This article describes how, in a DHCP environment, to allow or block (control) a few users by using MAC Reservation + Access Control.
Scope
FortiGate.
Solution
A MAC Address Access Control List (ACL) allows or blocks access on a network interface that includes a DHCP server.
A MAC Address ACL functions as either a list of blocked devices or a list of allowed devices. This is determined by the 'Unknown MAC Address' entry.
- By default, the ACL is a list of blocked devices. The "Unknown MAC Address" entry Action is "Assign IP". Add an entry for each MAC address to be blocked and set its Action to "Block".
- To make the ACL allow only a limited set of devices, set the "Unknown MAC Address" entry to "Block". Then, add the MAC address of each allowed device. Set Action to "Assign IP".
- It is also possible to reserve an IP for a particular MAC address, so that the MAC address gets that reserved IP every time.
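The allowlist mode described above can also be generated as FortiOS CLI from a device inventory. The Python sketch below is an added example, not part of the original article or Fortinet's own tooling. The CLI keywords (`mac-acl-default-action`, `config reserved-address`, `set action`) are not shown on this page and should be checked against the CLI reference for the FortiOS version in use; the helper names, DHCP server ID 1, MAC addresses and IP are constructed.

```python
import ipaddress
import re

ACTIONS = ("assign", "block", "reserved")  # per-entry actions (assumed CLI values)

def normalize_mac(mac):
    """Accept 00-11-.., 00:11:.. or 0011.22aa.bb02; return 00:11:22:aa:bb:02."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def render_dhcp_acl(server_id, unknown_mac_action, entries):
    """entries: (mac, action, ip_or_None) tuples; returns FortiOS CLI text."""
    if unknown_mac_action not in ("assign", "block"):
        raise ValueError("Unknown MAC Address action must be assign or block")
    out = ["config system dhcp server", f"    edit {server_id}",
           f"        set mac-acl-default-action {unknown_mac_action}",
           "        config reserved-address"]
    seen = set()
    for idx, (mac, action, ip) in enumerate(entries, start=1):
        mac = normalize_mac(mac)
        if mac in seen:  # the same device listed twice is an inventory error
            raise ValueError(f"duplicate entry for {mac}")
        seen.add(mac)
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r}")
        if (action == "reserved") != (ip is not None):
            raise ValueError(f"{mac}: an IP goes with 'reserved' and only with it")
        out.append(f"            edit {idx}")
        if ip is not None:
            out.append(f"                set ip {ipaddress.IPv4Address(ip)}")
        out += [f"                set mac {mac}",
                f"                set action {action}", "            next"]
    # Allowlist mode with nothing allowed would deny a lease to every client.
    if unknown_mac_action == "block" and all(a == "block" for _, a, _ in entries):
        raise ValueError("allowlist mode needs at least one assign/reserved entry")
    return "\n".join(out + ["        end", "    next", "end"])

# Constructed sample inventory: two allowed devices, one with a reserved IP.
ALLOWED = [("00-11-22-AA-BB-01", "assign", None),
           ("0011.22aa.bb02", "reserved", "192.168.1.50")]

if __name__ == "__main__":
    print(render_dhcp_acl(1, "block", ALLOWED))
```

Passing `"assign"` as the second argument with `block` entries produces the default blocklist mode instead.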
Steps to create via MAC Reservation + Access Control
Go to Network -> Interface -> edit the Interface -> DHCP server -> Advanced.
On FortiOS version 7.2.x, the 'MAC Reservation' option looks like the snippet below:
Copyright 2024 Fortinet, Inc. All Rights Reserved.