Security's "Access Control" Function only blocks Internet Access for WIRED device
I just noticed this behavior. The WIRED device still can access another wired Win10 server's file sharing folders. Only the internet access is blocked.
So it does not look like the expected behavior, that a wired device not listed in the White List should be totally blocked from accessing the LAN network.
If the MAC address filtering settings are set into Broadcom BCM53134 switching IC, this behavior should not happen. :)
Hello @WayneHu
The Access Control Blacklist blocks all traffic from LAN to the Internet; it will not block the communication between LAN devices. If you need to block the internet access as well as the LAN communication for a specific device, I'm wondering why you connect it to the router; you may just leave it alone and disconnected from the router.
OK. I got it. This [Access Control] function is not equal to [MAC Filtering]. As a result, any wired & whitelisted wireless devices still can communicate with each other within the LAN. :p
The following wording is probably the reason why I misunderstood it.
From my understanding, the wording should mean local network, maybe "Configure a Whitelist to only allow local communication between the specified devices with others"? What do you think?
Hi Kevin,
From my usage experience with Buffalo / Netgear WiFi routers, the access control often means (wireless) MAC Filtering.
With Buffalo AC1750DHP + DD-wrt FW @ router mode, it only provides the first 5G wireless (wl0) and the first 2.4G wireless (wl1) interfaces MAC filtering options separately.
With Netgear R7000 + factory FW @ AP mode (the same chipset as above), its functionality is actually wireless device's MAC filtering only. The traffic sent among the wired ports is NOT blocked at all.
On AX90 V1 it is truly MAC address filtering for wireless devices, but obviously not for wired ones. According to your suggested wording, it cannot explain why any of the wired devices connected to this LAN and NOT listed on the whitelist still can communicate with each other. :p
I don't know if it is the AX90 HW design that results in such behavior. Can you confirm if the following diagram is AX90 V1's chipset connecting topology? If so, it is somewhat more complex to implement wired port's MAC address filtering.
PS: In my case, the WAN (1G) port is connected to a VDSL modem, and the LAN (2.5G) port is connected to my server.
Now I can confirm this device's topology is like the above diagram instead of the following one, because concurrent transfer from two wired 1000BaseT devices to the 2.5GBaseT wired one is still at 110 MB/s. One 1000BaseT wired and one 802.11ax device to the 2.5GBaseT wired server can reach more than 200 MB/s throughput.
I think the HW topology is more like this due to the fact that BCM6755 only contains 1 RGMII/SGMII port and 1 GPHY port.
Unless there is 1 additional GPHY chip connected to BCM53134, it does not seem able to provide a 2.5GBaseT port while it is still a 1Gx2 link between BCM6755 and BCM53134.