Description
This article describes that in a DHCP environment if the user wants to allow/block (control) a few users, this is possible via MAC Reservation + Access Control.
Scope
FortiGate.
Solution
A MAC Address Access Control List (ACL) allows or blocks access on a network interface that includes a DHCP server.
A MAC Address ACL functions is either a list of blocked devices or a list of allowed devices. This is determined by the 'Unknown MAC Address' entry.
Steps to create via MAC Reservation + Access Control.
Go to Network -> Interface -> edit the Interface -> DHCP server -> Advanced.
Available actions:
One option is available: 'Unknown MAC Address', this option is used in case the MAC address is unknown and for setting an action for all those 'Unknown MAC Address'.
Type :
Regular = Use this for regular LAN users
IPsec = Use for the IPsec client to site users
On FortiOS v7.2.x option 'MAC Reservation' looks like as per the snippet below:
Create an IP address assignment rule to block, reserve, or assign IP using the MAC address
This will block the MAC address to receive IP from the DHCP Pool:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.