WR31 MAC Filtering - filters all traffic on ETH1 including the allowed list

matthew.r.hannon · September 23, 2020, 2:35pm

I have a WR31. I am trying to get MAC filtering to work such that only a single computer (w/ a known MAC address) can SSH to a device connected to ETHERNET 1 port. When I enable MAC filtering on ETH1 w/ the known MAC address to let through the WR31 appears to filter out all traffic to ETH1 including the computer it should be allowing through. Can anyone suggest a method to debug this issue? Also note I have set up eth0/1 into port isolated mode. Thank you very much!

Anny · October 28, 2020, 4:38am

Hi Matthew and Welcome to Digi Forum,

From your description, I understand that the allowed computer is connected to ETH 0 and the SSH accessible device is on ETH1. If that is the case, you should enable the MAC filter on ETH0 as this feature will apply on incoming packets on the interface where the filter is enabled (not for the outgoing packets.
From the User Guide (https://www.digi.com/resources/documentation/digidocs/90001019/default.htm#tasks/t_configure_ethernet_mac_filtering.htm%3FTocPath%3DConfiguring%2520network%2520interfaces%2520|Configure%2520Ethernet%2520interfaces|_____6)

“Ethernet MAC filtering restricts which Ethernet devices can send packets to the router. If MAC filtering is enabled on an Ethernet interface, only Ethernet packets with a source MAC address that is configured in the MAC Filter table will be allowed. If the source MAC address is not in the MAC Filter table, the packet will dropped.”

I hope this helps, in case you still have issues, please send us an email to tech.support@digi.com with IMEI of the device and a debug.txt file (https://www.digi.com/support/knowledge-base/how-to-extract-the-debug-txt-file-from-a-digi-tran) so we can open a case to further assist.

Please also review Digi Support Level options here: https://www.digi.com/support

Thanks!

Anny
Digi Technical Support Team

matthew.r.hannon · October 28, 2020, 2:47pm

Hello,

I really appreciate you taking the time to respond to my question.

I think there was a miscommunication regarding my setup that I should have been more explicit about illustrating in my original question. Namely the computer that I want to be able to SSH to the device connected to port ETH1 is not physically connected to ETH0. It is a computer on some external network that is trying to access the SSH’able device through the cellular network to the WR31 and then through ETH1 which should only allow for this specific computers MAC address through.

With this updated information does it change the possible answer to the question you kindly proposed?

Thank you very much for your time!
-Matt

Topic		Replies	Views
Does the WR11 XT have support for partial MAC filtering? Digi TransPort WR (Series) mac , wr11 , mac-filtering	4	570	September 14, 2016
IP Filtering in WR31 Digi TransPort WR (Series) connectport , ip , - , wan , wr31	1	585	April 5, 2018
Firewall Digi wr21 Digi TransPort WR (Series) wr21 , firewall	1	561	March 19, 2018
WR31 NAT1:1 between Eth 0 and Eth 1 Digi TransPort WR (Series) routing , wr31	2	594	February 5, 2018
Shutting off unused Ethernet Ports in WR21 Digi TransPort WR (Series) ethernet , wr21 , ports , eth , shutoff	1	555	October 9, 2017

WR31 MAC Filtering - filters all traffic on ETH1 including the allowed list

Related topics