04-03-2008 04:23 AM
Hi,
I wish Ironport will add to the WSA feature to allow MAC blocking .,,reason was if a client had no active directory..theyre purely on freeware like linux or so..
just suggesting :-)
04-03-2008 05:00 PM
I have filed the following enhancement to make sure this gets some official visibility:
40523 - Enhancement: Ability to create policies using MAC addresses as source triggers
04-03-2008 06:09 PM
Unfortunately MAC blocking adds very little value in most environments.
By their nature, MAC addresses are only visible on a local subnet, and thus in order to do anything based on MAC address you would need all clients and the WSA itself to be physically located on the same network segment, which is going to be a very unusual setup in everything but the most small networks.
If you want to do any level of control by MAC address the best way is to use a DHCP server to do static MAC-IP address mappings, and then block the users on the IronPort using the IP address.
04-04-2008 06:06 AM
In some unusual cases like a client doesnt have a static configuration environment...theyve got dhcp network type of setup and yes its very odd on this kind of client .
This is i guess a rare case where a client doesnt have an AD...where WSA can be configured to do LDAP authentication or SSO..
The reason why i posted this topic is to address some clients if they do need MAC blocking.
I recommended to the client to have an AD for the LDAP authentication or
create a pool for users with internet access and without internet so WSA can determine via its IP ranges from the dhcp pool that was created.
my 5 cents :-)
04-04-2008 04:56 PM
In some unusual cases like a client doesnt have a static configuration environment...theyve got dhcp network type of setup and yes its very odd on this kind of client
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: