Block Devices from Accessing My Network



  • Hello all, this is my first post, and I apologize if this is not the correct location for this topic or if it has been answered already. During my searching I have not been able to find any posts around this topic.
    I am looking to see if pfSense can resolve my issue and replace my current network.

    Currently I am using a Netgear Nighthawk R700 router and this router allows me to use a feature called "Access Control" which allows me to block all connected devices on my network and I will need to manually go into the config and approve the device (by MAC address) to be allowed on LAN or Wifi. This is a great feature to add for security, however it drastically drops the performance of the throughput of the router.
    I am using a fiber connection with 1gig up/down. When connecting directly to the PON (passive optical network) I can get speeds of 940Mbps down to 970Mbps Upload. When connecting through the Netgear router without Access Control I get 600Mbps Down and 700+Mbps Upload. With Access Control on it drops to 200Mbps Down and 230Mbps Upload.

    1- Does pfSense have this type of feature to control devices on the network?
    2- If I built a pfSense box would it resolve my throughput issue while restricting access?

    I hope someone can help provide some details to see what direction I need to go to resolve my issue.

    Thanks in advance,

    H20FRKS



  • PfSense can't filter on MAC addresses, but there is a workaround.  You can map IP addresses to MAC addresses and only allow those IP addresses through.  You can also allow only specified MAC addresses to get an IP address.  Since these methods are done with the DHCP server, they will have no effect on performance.
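
An added example, not part of the original thread and not pfSense's own code: a small Python audit that checks the workaround described above by comparing the firewall's ARP table against the DHCP static mappings and reporting any IP that is unmapped or in use by a different MAC. It assumes ARP output in the FreeBSD `arp -an` format; the mapping table, addresses and function names are constructed for illustration.

```python
import re

# Constructed allowlist mirroring the DHCP static mappings (MAC -> reserved IP).
STATIC_MAPPINGS = {
    "00:11:22:33:44:55": "192.168.1.10",
    "66:77:88:99:aa:bb": "192.168.1.11",
}

# Constructed sample in the format printed by FreeBSD `arp -an`.
SAMPLE_ARP = """\
? (192.168.1.10) at 00:11:22:33:44:55 on em1 expires in 1189 seconds [ethernet]
? (192.168.1.11) at de:ad:be:ef:00:01 on em1 expires in 1040 seconds [ethernet]
? (192.168.1.57) at 02:00:00:00:00:99 on em1 expires in 900 seconds [ethernet]
? (192.168.1.1) at 0c:c4:7a:00:00:01 on em1 permanent [ethernet]
? (192.168.1.60) at (incomplete) on em1 expired [ethernet]
"""

ARP_LINE = re.compile(
    r"\((?P<ip>\d+\.\d+\.\d+\.\d+)\) at (?P<mac>[0-9a-fA-F:]{11,17}) "
    r"on (?P<ifc>\S+)(?P<rest>.*)"
)


def norm_mac(mac):
    """Lower-case a MAC and zero-pad each octet so comparisons are exact."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))


def audit(arp_text, mappings):
    """Return (ip, mac, reason) for ARP entries that violate the mappings."""
    ip_to_mac = {ip: norm_mac(mac) for mac, ip in mappings.items()}
    findings = []
    for line in arp_text.splitlines():
        m = ARP_LINE.search(line)
        if not m or "permanent" in m["rest"]:
            continue  # skip incomplete entries and the firewall's own addresses
        ip, mac = m["ip"], norm_mac(m["mac"])
        expected = ip_to_mac.get(ip)
        if expected is None:
            findings.append((ip, mac, "ip-not-mapped"))   # IP outside the allowlist
        elif expected != mac:
            findings.append((ip, mac, "mac-mismatch"))    # reserved IP, other MAC
    return findings


if __name__ == "__main__":
    for ip, mac, reason in audit(SAMPLE_ARP, STATIC_MAPPINGS):
        print(f"{reason:14} {ip:15} {mac}")
```
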



  • Consumer boxes like the Netgear tend to have (not upgradable) weak CPU but friendlier management. pfSense is a more generic solution with lots of possibilities but requires more expertise on your part on management and configuration, but just throw a better CPU at it if current hardware ain't cutting.



  • @JKnott:

    PfSense can't filter on MAC addresses, but there is a workaround.  You can map IP addresses to MAC addresses and only allow those IP addresses through.  You can also allow only specified MAC addresses to get an IP address.  Since these methods are done with the DHCP server, they will have no effect on performance.

    Thank you JKnott for your quick response. If I leverage the "Deny Unknown Clients" feature on the DHCP within pfSense, do you know if the unknown client MAC address would be recorded somewhere in a log?



  • @SammyWoo:

    Consumer boxes like the Netgear tend to have (not upgradable) weak CPU but friendlier management. pfSense is a more generic solution with lots of possibilities but requires more expertise on your part on management and configuration, but just throw a better CPU at it if current hardware ain't cutting.

    SammyWoo, are you saying building a pfSense server with better hardware will not resolve the throughput issue I have?



  • @H20FRKS:

    SammyWoo, are you saying building a pfSense server with better hardware will not resolve the throughput issue I have?

    Just the opposite.



  • @SammyWoo:

    @H20FRKS:

    SammyWoo, are you saying building a pfSense server with better hardware will not resolve the throughput issue I have?

    Just the opposite.

    Great, thanks! I will continue my efforts to understand pfSense better and work on building a server.

