EVDOforums.com
Discussion forum for EVDO users
 
Newest Cradlepoint firmware - no wired MAC filtering?

 
incredibull
EVDO Fledgling


Joined: 02 Feb 2011
Posts: 23

Posted: Thu Mar 08, 2012 2:14 pm

We currently use a number of CTR500 routers. We plan on upgrading these to either MBR1200B or MBR1400 routers in concert with 4G connection cards.

An immediate problem I've run into is that there does not appear to be any option for wired client MAC filtering in the newest Cradlepoint firmware releases. The CTR500 and other previous generation firmware devices have this option, and we use it to define a set of whitelisted wired clients that are allowed internet access.

Am I simply overlooking this feature in the newer firmware releases? The configuration interface is quite different, so I may have overlooked it, but so far as I can tell it doesn't appear to be an option at all. This is a potential dealbreaker.

Anyone know?

cradlepoint-scott
Vendor

Joined: 19 Aug 2008
Posts: 295

Posted: Thu Mar 08, 2012 2:21 pm

@incredibull - you are correct. Currently there is no way to filter wired clients based on their MAC address. Sorry. If this is a feature you would like we would have to add it to our list and prioritize accordingly.

incredibull
EVDO Fledgling

Joined: 02 Feb 2011
Posts: 23

Posted: Thu Mar 08, 2012 3:08 pm

Scott,

Thanks for the confirmation. This is definitely a feature that I would like implemented. I understand that it is probably low on your list and not often requested, but please count me as one in support of this feature. Thanks!

shipserv
EVDO Newbie

Joined: 19 Jun 2012
Posts: 1

Posted: Tue Jun 19, 2012 9:26 am

I have 26 MBR95s, all recently upgraded from CTR500s. I'm amazed that the ability to filter wired clients has been dropped. Please count me in also as one who NEEDS this feature. Otherwise, I guess our company will have to look elsewhere. That would be too bad because other than that, we love the feature set of the Cradlepoint routers.

incredibull
EVDO Fledgling

Joined: 02 Feb 2011
Posts: 23

Posted: Tue Jun 19, 2012 11:39 am

I am back as well.

Several firmware revisions have gone by since I made my initial post. We now too have deployed upwards of 30+ MBR95 routers to various mobile sites. They work very well, and we are very happy with their performance and feature set.

However, we're now running into problems with bandwidth usage on client PCs that were previously able to be blocked by the wired MAC filtering whitelist capability. Now we're looking at either adding additional hardware to the network, or software firewalls to these client PCs - neither of which is a good solution to this problem.

The problem is very simple. The clients need access to LAN resources, but should not be allowed to access the internet. The Cradlepoint firmware used to make this very easy to accomplish without any additional hardware/software.

I spoke with a Cradlepoint support rep on the phone. He claimed that the feature works for wired clients, even though "it says it doesn't." A quick test on firmware 3.6.1 shows that this is untrue - MAC whitelists or blacklists still do nothing for wired clients.

This feature is very important. I do not understand why this feature has only been implemented for wireless clients. At least give us the option to enable wired client filtering, as in the previous generation of firmware.

cradlepoint-scott
Vendor

Joined: 19 Aug 2008
Posts: 295

Posted: Tue Jun 19, 2012 11:54 am

@incredibull and @shipserv - I hear you and I understand your frustration. Unfortunately, it's really not as simple as throwing on an option. In short, when we moved from one operating system to another we essentially lost the ability to do this effectively. We are able to accomplish this with wireless clients because the radio hardware we use does it for us.
Believe me, we are actively looking at ways to make this work.
In the meantime, have you thought about maybe using QoS to limit or prevent a specific client from using too much bandwidth?

I am also sorry that our support gave you incorrect information. I'll have to pass that along and make sure it gets corrected.

incredibull
EVDO Fledgling

Joined: 02 Feb 2011
Posts: 23

Posted: Tue Jun 19, 2012 12:00 pm

Thanks for the response, Scott. Having worked with NetBSD extensively, I am aware that there is some loss of functionality in its ipf firewall suite when compared to Linux.

I will look into the QoS features as an alternative means for the time being.

cradlepoint-scott
Vendor

Joined: 19 Aug 2008
Posts: 295

Posted: Tue Jun 19, 2012 12:04 pm

incredibull wrote:
Thanks for the response, Scott. Having worked with NetBSD extensively, I am aware that there is some loss of functionality in its ipf firewall suite when compared to Linux.

I will look into the QoS features as an alternative means for the time being.


FYI - the QoS suggestion came to mind as I was writing the post so I haven't tested it myself. I know you can definitely limit the bandwidth of a client, but I have not tried preventing a client from having any bandwidth at all, i.e. '0'. If I get the time today, I'll try it myself.

cradlepoint-scott
Vendor

Joined: 19 Aug 2008
Posts: 295

Posted: Tue Jun 19, 2012 1:28 pm

Sorry guys - trying to do too many things at once.
I was gently reminded that on newer FW, support for QoS was removed.

incredibull
EVDO Fledgling

Joined: 02 Feb 2011
Posts: 23

Posted: Sun Feb 09, 2014 1:06 pm

Scott, et al,

We have upgraded all of our MBR95s to 5.0.0. So far it's working great, however I'm still disappointed that there is no wired MAC filtering option.

Is it still a possibility to implement this? Should I stop hoping for it in a future release?

cradlepoint-scott
Vendor

Joined: 19 Aug 2008
Posts: 295

Posted: Mon Feb 10, 2014 11:17 am

incredibull wrote:
Scott, et al,

We have upgraded all of our MBR95s to 5.0.0. So far it's working great, however I'm still disappointed that there is no wired MAC filtering option.

Is it still a possibility to implement this? Should I stop hoping for it in a future release?


Are you saying that you have tried the MAC Filtering under 'Network Settings -> MAC Filter' and it does not work for wired clients? Or are you assuming based on previous statements made in this thread? This thread was started almost 2 years ago, and yes, we had some limitations on MAC filtering due to the fact that we were on the NetBSD architecture. Now we are using Linux as our base and there is nothing that should prevent you from filtering out MAC addresses, wired or wireless. If this is not working for you, please let us know.

incredibull
EVDO Fledgling

Joined: 02 Feb 2011
Posts: 23

Posted: Wed Feb 12, 2014 3:03 pm

scott,

V5.0.0 firmware on MBR95

If I set MAC filtering to "whitelist" and specify a single MAC address, all other hosts on the wired network are still able to communicate with the MBR95.

The only thing I can think of is that the netfilter rules supersede the MAC filter. Since we have a handful of filtering rules on outbound traffic, one of the first rules is to allow all on 192.168.0.x/32 to 192.168.0.x/32 as a simple catchall for traffic directed to the router.

I have not tried MAC filtering alone with the netfilter ruleset disabled/open.
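
The rule-ordering theory in the post above, worked through on a generic first-match packet filter. This is an added example, not part of the original thread and not a description of Cradlepoint firmware; the /24 LAN range, the IP addresses and the MAC addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.0.0/24")    # assumed LAN range
ANY = ipaddress.ip_network("0.0.0.0/0")
WHITELIST = frozenset({"00:11:22:33:44:55"})    # constructed MAC address

@dataclass(frozen=True)
class Packet:
    mac: str
    src: str
    dst: str

@dataclass(frozen=True)
class Rule:
    action: str                                  # "accept" or "drop"
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    mac_not_in: frozenset = None                 # match only if source MAC is absent from this set

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in self.src:
            return False
        if ipaddress.ip_address(pkt.dst) not in self.dst:
            return False
        if self.mac_not_in is not None and pkt.mac.lower() in self.mac_not_in:
            return False
        return True

def evaluate(rules, pkt, default="accept"):
    """Return the action of the first matching rule, else the default policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Ordering described in the post: LAN-to-LAN catch-all ahead of the MAC whitelist.
CATCHALL_FIRST = [Rule("accept", LAN, LAN), Rule("drop", mac_not_in=WHITELIST)]
# Same rules with the MAC check evaluated first.
MAC_FIRST = [Rule("drop", mac_not_in=WHITELIST), Rule("accept", LAN, LAN)]

def verdicts(rules):
    """Verdicts for: unlisted host to router, unlisted host to WAN, listed host to WAN."""
    unlisted, listed = "AA:BB:CC:DD:EE:FF", "00:11:22:33:44:55"
    return (evaluate(rules, Packet(unlisted, "192.168.0.50", "192.168.0.1")),
            evaluate(rules, Packet(unlisted, "192.168.0.50", "203.0.113.10")),
            evaluate(rules, Packet(listed, "192.168.0.20", "203.0.113.10")))

if __name__ == "__main__":
    print("catch-all first:", verdicts(CATCHALL_FIRST))
    print("MAC check first:", verdicts(MAC_FIRST))
```

In this model an earlier catch-all accounts only for an unlisted host still reaching the router; WAN-bound traffic from that host is dropped under either ordering.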

incredibull
EVDO Fledgling

Joined: 02 Feb 2011
Posts: 23

Posted: Wed Apr 09, 2014 3:22 pm

Version 5.0.3, whitelist/blacklist still does not work on wired connections.

Is this feature simply abandoned?

cradlepoint-scott
Vendor

Joined: 19 Aug 2008
Posts: 295

Posted: Wed Apr 09, 2014 3:26 pm

incredibull wrote:
Version 5.0.3, whitelist/blacklist still does not work on wired connections.

Is this feature simply abandoned?


"abandoned" is a subjective term.

I thought we agreed that the "whitelist/blacklist" feature works, but that other rules were preventing it from working. Is that not correct?

That said, we are working on changing our firewall architecture, but I don't know if it is going to get "ported" to the MBR95 platform.

incredibull
EVDO Fledgling

Joined: 02 Feb 2011
Posts: 23

Posted: Fri Apr 25, 2014 12:01 pm

The idea about FW rules interfering with MAC filtering was just a shot-in-the-dark theory.

I don't have an MBR95 to do testing with at the moment, so I had to wait until I could get on board a ship and test with one.

I backed up the config, and did a reset to defaults on the router.

The MAC filtering still does not work correctly for wired clients when set to "blacklist" mode, and a specific MAC address is specified. That MAC address can still ping the router and access the internet.

I even tried rebooting the router after entering the test MAC addresses. No go.

Additionally, this test was completed with FW v5.0.4.

All times are GMT - 6 Hours