I have a WR31. I am trying to get MAC filtering to work such that only a single computer (w/ a known MAC address) can SSH to a device connected to ETHERNET 1 port. When I enable MAC filtering on ETH1 w/ the known MAC address to let through the WR31 appears to filter out all traffic to ETH1 including the computer it should be allowing through. Can anyone suggest a method to debug this issue? Also note I have set up eth0/1 into port isolated mode. Thank you very much!
Hi Matthew and Welcome to Digi Forum,
From your description, I understand that the allowed computer is connected to ETH 0 and the SSH accessible device is on ETH1. If that is the case, you should enable the MAC filter on ETH0 as this feature will apply on incoming packets on the interface where the filter is enabled (not for the outgoing packets.
From the User Guide (https://www.digi.com/resources/documentation/digidocs/90001019/default.htm#tasks/t_configure_ethernet_mac_filtering.htm%3FTocPath%3DConfiguring%2520network%2520interfaces%2520|Configure%2520Ethernet%2520interfaces|_____6)
“Ethernet MAC filtering restricts which Ethernet devices can send packets to the router. If MAC filtering is enabled on an Ethernet interface, only Ethernet packets with a source MAC address that is configured in the MAC Filter table will be allowed. If the source MAC address is not in the MAC Filter table, the packet will dropped.”
I hope this helps, in case you still have issues, please send us an email to firstname.lastname@example.org with IMEI of the device and a debug.txt file (https://www.digi.com/support/knowledge-base/how-to-extract-the-debug-txt-file-from-a-digi-tran) so we can open a case to further assist.
Please also review Digi Support Level options here: https://www.digi.com/support
Digi Technical Support Team
I really appreciate you taking the time to respond to my question.
I think there was a miscommunication regarding my setup that I should have been more explicit about illustrating in my original question. Namely the computer that I want to be able to SSH to the device connected to port ETH1 is not physically connected to ETH0. It is a computer on some external network that is trying to access the SSH’able device through the cellular network to the WR31 and then through ETH1 which should only allow for this specific computers MAC address through.
With this updated information does it change the possible answer to the question you kindly proposed?
Thank you very much for your time!