Network > Address Objects
219
SonicOS Enhanced 4.0 Administrator Guide
The following illustrates a packet dissection of a typical DNS dynamic update process, showing
the dynamically configured host 10.50.165.249 registering its full hostname
bohuymuth.moosifer.com with the (DHCP provided) DNS server 10.50.165.3:
In such environments, it could prove useful to employ FQDN AOs to control access by
hostname. This would be most applicable in networks where hostnames are known, such as
where hostname lists are maintained, or where a predictable naming convention is used.
Controlling a Dynamic Host’s Network Access by MAC Address
Since DHCP is far more common than static addressing in most networks, it is sometimes
difficult to predict the IP address of dynamically configured hosts, particularly in the absence of
dynamic DNS updates or reliable hostnames. In these situations, it is possible to use MAC
Address Objects to control a host’s access by its relatively immutable MAC (hardware) address.
Like most other methods of access control, this can be employed either inclusively, for
example, to deny access to/for a specific host or group of hosts, or exclusively, where only a
specific host or group of hosts are granted access, and all other are denied. In this example,
we will illustrate the latter.
Assuming you had a set of DHCP-enabled wireless clients running a proprietary operating
system which precluded any type of user-level authentication, and that you wanted to only allow
these clients to access an application-specific server (e.g. 10.50.165.2) on your LAN. The
WLAN segment is using WPA-PSK for security, and this set of clients should only have access
to the 10.50.165.2 server, but to no other LAN resources. All other wireless clients should not
be able to access the 10.50.165.2 server, but should have unrestricted access everywhere
else.