Friday, December 10, 2010

MAC address filtering with Vyatta

We have an issue with people bringing devices in and connecting them to the network. There are many ways to address this, but the easiest is the following, applied to the internal interface(s) on which those MAC addresses appear.

#SETUP THE MAC FILTERING ON THE ROUTER
configure
set firewall name NOMAC
set firewall name NOMAC default-action accept

#SET THE RULES (ONE RULE PER MAC ADDRESS TO BLOCK)
set firewall name NOMAC rule 20 source mac-address xx:xx:xx:xx:xx:xx
set firewall name NOMAC rule 20 action drop
#OPTIONAL FOR LOGGING
set firewall name NOMAC rule 20 log enable

#REPLACE ETH0 WITH YOUR LOCAL INTERFACE
set interfaces ethernet eth0 firewall in name NOMAC

commit
#PERSIST THE CONFIGURATION ACROSS REBOOTS
save
That should pretty much do it: frames arriving on eth0 whose source MAC matches a rule are dropped, and everything else passes because of the default-action accept. Note that the rule only matches the source MAC of frames entering that interface, so it only covers devices on that segment, and a device whose MAC changes will need a new rule.

Now just add an individual rule (with its own rule number) for every MAC address that is causing the issues. :)
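Since each blocked MAC needs its own numbered rule, here is a small POSIX shell helper (added example, not from the original post or from Vyatta) that turns a blocklist file into the set commands above. It assumes the firewall name NOMAC and interface eth0 from the post, a constructed input file with one MAC per line, and that the output is pasted into configure on the router after review.

```shell
#!/bin/sh
# Generate Vyatta "set firewall" commands from a blocklist of MAC addresses.
# One rule per MAC, numbered 20, 30, 40, ... so rules can be inserted later.
# Input file (constructed for this example): one MAC per line, '#' comments
# and blank lines allowed. Entries not in aa:bb:cc:dd:ee:ff form are skipped
# and reported on stderr, and the function then returns 1.
# Usage: gen_rules blocked-macs.txt > nomac.cmds

FW_NAME=${FW_NAME:-NOMAC}   # firewall rule-set name from the post
IFACE=${IFACE:-eth0}        # internal interface from the post

# is_mac: return 0 if $1 is a colon-separated 48-bit MAC address
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules: read MACs from file $1 and print the set commands
gen_rules() {
    file=$1
    rule=20
    bad=0
    echo "set firewall name $FW_NAME default-action accept"
    while IFS= read -r line || [ -n "$line" ]; do
        # strip comments and whitespace, normalise to lowercase
        mac=$(printf '%s' "$line" | sed 's/#.*//' | tr -d '[:space:]' | tr 'A-F' 'a-f')
        [ -z "$mac" ] && continue
        if ! is_mac "$mac"; then
            echo "# skipped invalid entry: $line" >&2
            bad=1
            continue
        fi
        echo "set firewall name $FW_NAME rule $rule source mac-address $mac"
        echo "set firewall name $FW_NAME rule $rule action drop"
        echo "set firewall name $FW_NAME rule $rule log enable"
        rule=$((rule + 10))
    done < "$file"
    echo "set interfaces ethernet $IFACE firewall in name $FW_NAME"
    return $bad
}
```

Review the generated commands before committing them; a typo in the blocklist only costs a skipped line, but a wrong interface name would leave the filter unattached.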
