User Tools

Site Tools


network:mac_address_filtering

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
network:mac_address_filtering [2010/04/21 16:01]
walter
network:mac_address_filtering [2021/05/02 21:36] (current)
Line 1: Line 1:
-  * Log into dvorak +====== MAC Address Whitelist ======
-  * Open the server manager, if it does not open automatically (it should be pinned to your taskbar) +
-  * In server manager expand:+
  
-    Roles > DCHP > dvorak.acm.cs > IPv4 > Filters+====== White-list Policies ====== 
 +  - Only ACM members can be added to the white-list permanently  
 +  - Guest access can be given out temporarily for events 
 +  - Devices must be registered using the users account name 
 +  - Everyone must fill out the network registration form {{:​network-application-11-02-12.odt|}}
  
-  * Right click on "​Allow"​ and click "new filter"​ +====== Managing ​the white-list ======
-  * Enter the mac address in the "Mac address"​ field +
-  * In the description field enter "<​full name> ​<system type>",​ where system type is Desktop, Laptop, Server, Xbox, etc.+
  
- +Management of the LAN/WLAN white-list is done using a script called mac_filter
  
-ex.+  - SSH into acm.cs.uic.edu/​chopin.acm.cs 
 +  - Run the mac_filter command as root with sudo ie "sudo mac_filter -opts"​ 
 +  - Use the -h flag for check the **current** command instructions 
 +  - The command will automatically add that user to the white-list, regenerate the list for the DHCP server, and then restart it.
  
-{{:mac_ex.png|}}+====== Banning a user ====== 
 + 
 +People given DHCP admin access have the ability to ban user accounts that our on the whitelist, but **ONLY** if they broken the network usage rules listed on the network access form or if they are not longer eligible for access as deemed so by the ACM officers 
 + 
 +__ACM officers and systems admins are to be informed of infractions.__ 
 + 
 +Ban a user 
 +<​code>​ 
 +sudo mac_filter -B <​user_name>​ 
 +</​code>​ 
 + 
 +__Un-banning is to be decided on by the ACM Officers/​SysAdmin__ 
 + 
 +Un-ban a user 
 +<​code>​ 
 +sudo mac_filter -W  
 +</​code>​ 
 + 
 +====== Giving a non Admin white-list permissions ====== 
 + 
 +  - Log onto the ACM Windows Server 
 +  - Find that users account and move them into the Admins OU located inside the PAID OU 
 +  - Right click->​add to group 
 +  - Add then to the group ACMDHCPAdmins 
 +  - They now have access to edit the white-list 
 + 
 +====== Notes on temp access ====== 
 + 
 +  * Non-members get temp network access via the '​temp'​ account used with the command 
 +  * Temp access is good until 1am Monday of every week, the list is cleared automatically 
 +  * Non-members must reapply for access after each event
  
network/mac_address_filtering.1271865674.txt.gz · Last modified: 2021/05/02 21:36 (external edit)