ADVANTECH Router App Layer 2 Firewall User Guide

June 13, 2024
Advantech


Product Information

The Layer 2 Firewall is a router app developed by Advantech Czech s.r.o. It allows users to specify filtering rules for data incoming to the router based on the source MAC address. The rules are processed on the Data link layer, which is the second layer of the OSI model. Unlike other firewall apps, the Layer 2 Firewall applies the rules to all interfaces, not just the WAN interface.

Module Usage

The Layer 2 Firewall router app is not included in the standard router firmware. To use this app, you need to upload it, and the process is described in the Configuration manual found in the Related Documents chapter.

Description of the Module

The Layer 2 Firewall router app allows you to define filtering rules for incoming data based on source MAC addresses. This means you can control which data packets are allowed or blocked at the second layer of the OSI model. The module’s functionality is available on all interfaces, providing comprehensive protection for your network.

Web Interface

After installing the module, you can access its graphical user interface (GUI) by clicking on the module name in the router apps page of the router’s web interface. The GUI consists of a menu with different sections: Status, Configuration, and Customization.

Configuration Section

The Configuration section contains the Rules page for defining the filtering rules. Make sure to click the Apply button at the bottom of the page to save any changes made.

Customization Section

The Customization section only includes the Return item, which allows you to switch back from the module’s web page to the router’s web configuration pages.

Rules Configuration

  • To configure the filtering rules, go to the Rules page under the Configuration menu section. The page provides 25 rows for defining the rules.
  • To enable the entire process of filtering, check the checkbox labeled “Enable filtering of layer 2 frames” at the top of the page. Remember to click the Apply button to apply any changes made.
  • Note that if you disable incoming packets for all MAC addresses (empty definition field), it will result in the inability to access the router for administration. In such cases, performing a hardware reset of the router will restore it to its default state, including the settings of this router app.

Advantech Czech s.r.o., Sokolska 71, 562 04 Usti nad Orlici, Czech Republic Document No. APP-0017-EN, revision from 12th October, 2023.

© 2023 Advantech Czech s.r.o. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photography, recording, or any information storage and retrieval system without written consent. Information in this manual is subject to change without notice, and it does not represent a commitment on the part of Advantech.
Advantech Czech s.r.o. shall not be liable for incidental or consequential damages resulting from the furnishing, performance, or use of this manual.
All brand names used in this manual are the registered trademarks of their respective owners. The use of trademarks or other designations in this publication is for reference purposes only and does not constitute an endorsement by the trademark holder.

Used symbols

  • Danger – Information regarding user safety or potential damage to the router.
  • Attention – Problems that can arise in specific situations.
  • Information – Useful tips or information of special interest.
  • Example – Example of function, command or script.

Changelog

Layer 2 Firewall Changelog

  • v1.0.0 (2017-04-20)
    First release.

  • v1.0.1 (2020-06-05)
    Fixed bug in coexistence with other iptables rules.

  • v1.1.0 (2020-10-01)
    Updated CSS and HTML code to match firmware 6.2.0+.

Module usage

This router app is not contained in the standard router firmware. Uploading of this router app is described in the Configuration manual (see Chapter Related Documents).

Description of the module
The Layer 2 Firewall router app can be used to specify filtering rules for data incoming to the router based on the source MAC address. The rules are processed on the Data link layer, which is the second layer of the OSI model, and are applied to all interfaces, not just the WAN interface.

Web interface
Once the installation of the module is complete, the module's GUI can be invoked by clicking the module name on the router apps page of the router's web interface.
The left part of this GUI contains a menu with the Status section, followed by the Configuration section, which contains the Rules configuration page for defining the rules. The Customization section contains only the Return item, which switches back from the module's web page to the router's web configuration pages. The main menu of the module's GUI is shown in figure 1.

Rules configuration
The rules are configured on the Rules page, under the Configuration menu section. The configuration page is shown in figure 2. There are twenty-five rows for defining rules.
Each line consists of a check box, a Source MAC Address field and an Action field. Checking the check box enables the rule on that line. The source MAC address must be entered in double dots (colon-separated) format and is case insensitive. This field can be left blank, which means it matches all MAC addresses. The action can be set to allow or deny, which allows or denies incoming packets accordingly. The rules are processed from top to bottom. If the MAC address of incoming data matches the condition on a rule line, that rule is evaluated and processing terminates.

Checking the check box called Enable filtering of layer 2 frames at the top of the page enables the entire filtering process. To apply any changes made on the Rules configuration page, click the Apply button at the bottom of the page.

Denying incoming packets for all MAC addresses (empty definition field) makes administrative access to the router impossible. The only solution is then to perform a HW reset of the router, which restores the router to its default state, including the settings of this router app.

Configuration example
Figure 3 shows an example of a rules configuration. In this case, incoming communication is permitted from only four different MAC addresses. The fifth line, with the deny action, must be set up to restrict communication from all other MAC addresses. The source address for this line is empty, so it matches all MAC addresses.
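The first-match evaluation and the lockout case described above can be checked offline before a rule set is applied. The following is an added example, not Advantech's code: the function names, the sample MAC addresses and the rule tuples are constructed, and accepting frames that match no rule is an assumption inferred from the need for an explicit final deny line.

```python
import re

MAX_ROWS = 25  # the Rules page provides 25 rows
_MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def normalize_mac(text):
    """Lower-case a colon-separated MAC; '' stands for a blank (match-all) field."""
    mac = text.strip().lower()
    if mac and not _MAC_RE.match(mac):
        raise ValueError(f"not a colon-separated MAC address: {text!r}")
    return mac

def evaluate(rules, src_mac, default="allow"):
    """Return (action, row) of the first enabled rule matching src_mac.
    rules is a list of (enabled, source_mac, action) tuples, top row first."""
    # ASSUMPTION: a frame that matches no rule is accepted (default="allow");
    # the manual does not state the fall-through behaviour explicitly.
    if len(rules) > MAX_ROWS:
        raise ValueError("more rules than the 25 rows on the Rules page")
    src = normalize_mac(src_mac)
    for row, (enabled, mac, action) in enumerate(rules, start=1):
        if not enabled:
            continue  # unchecked rows take no part in filtering
        pattern = normalize_mac(mac)
        if not pattern or pattern == src:  # blank field matches every MAC
            return action, row             # first match ends processing
    return default, None

def lockout_risk(rules, admin_macs):
    """Return the administration MACs that this rule set would deny."""
    return [m for m in admin_macs if evaluate(rules, m)[0] == "deny"]

# Constructed sample: four permitted MACs followed by a blank-source deny.
ALLOW_LIST = [
    (True, "02:00:00:00:0a:01", "allow"),
    (True, "02:00:00:00:0a:02", "allow"),
    (True, "02:00:00:00:0a:03", "allow"),
    (True, "02:00:00:00:0a:04", "allow"),
    (True, "", "deny"),
]
# Same rows with the deny-all line moved to the top: everything is denied.
MISORDERED = [ALLOW_LIST[4]] + ALLOW_LIST[:4]

if __name__ == "__main__":
    print(evaluate(ALLOW_LIST, "02:00:00:00:0A:03"))
    print(lockout_risk(MISORDERED, ["02:00:00:00:0a:01"]))
```

Running lockout_risk against the MAC addresses of the administration hosts before clicking Apply shows whether the change would require a HW reset to recover.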

Figure 3: Example of rules configuration

Module status
The current global status of the module can be viewed on the Global page under the Status section, as shown in figure 4.

Figure 4: Global status of the module

Related Documents

  • You can obtain product-related documents on the Engineering Portal at icr.advantech.cz.
  • To get your router’s Quick Start Guide, User Manual, Configuration Manual, or Firmware go to the Router Models page, find the required model, and switch to the Manuals or Firmware tab, respectively.
  • The Router Apps installation packages and manuals are available on the Router Apps page.
  • For the Development Documents, go to the DevZone page.
