We have been playing with a CRS326 for use in a SME environment.
Generally its behaving nicely for us. We’ve got dot1x working and MAC based VLANs playing nicely.
Has anyone got any experience of MAC filtering? E.g. I want to lock a specific port to the MAC address of the printer attached.
I’ve tried bridge filters, such as
/interface bridge filter
add action=drop chain=forward comment=
“Drop everything except 34:17:EB:7B:27:B2” disabled=no in-interface=
ether13 src-mac-address=!34:17:EB:7B:27:B2/FF:FF:FF:FF:FF:FF
But this doesn’t seem to work. Any pointers were we are going wrong?
Also with respect to dot1x we don’t think it is currently possible to have a fall back VLAN if the RADIUS authentication fails. Does anyone know if this is on the roadmap for future updates?