How do I configure and run MAC Filtering tests?
Some residential gateway routers offer LAN side filtering of packets based on source MAC address. Typically a list of MAC addresses is defined on the DUT as well as whether this is an allow list or a deny list. For an allow list, the DUT allows traffic sourced from those MAC addresses on the network; traffic sourced by any other MAC address is blocked. For a deny list, the DUT blocks traffic sourced from those MAC addresses on the network; traffic sourced by any other MAC address is allowed.
CDRouter’s mac-filter.tcl module allows this functionality to be
tested. In order to run these tests, several testvars need to be set
in the CDRouter configuration file.
supportsMacFiltering
must be set to yes to run any
MAC Filtering tests.
testvar supportsMacFiltering yes
macFilteringPolicy
reflects whether the DUT is
configured to allow or deny its list of MAC addresses and should be
set to allow or deny.
testvar macFilteringPolicy deny
Up to 10 filtered MAC addresses can be tested. These are defined as
filteredMac1, filteredMac2, etc. and should reflect the list of
filtered MAC addresses configured on the DUT. Some tests require an
IPv4 address to be associated with the filtered MAC address, so each
filteredMac
testvar should be paired with a filteredMacIp
testvar. The IP addresses should be on the
LAN side network of the DUT.
testvar filteredMac1 00:11:22:33:44:55
testvar filteredMacIp1 192.168.1.55
testvar filteredMac2 00:11:22:33:44:56
testvar filteredMacIp2 192.168.1.56
Finally, a MAC address that is NOT filtered by the DUT should be defined as well as an IPv4 address for it. This MAC address should not be in the list of filtered MAC addresses configured on the DUT.
testvar unfilteredMac 00:11:22:33:44:99
testvar filteredMacIp 192.168.1.99
Skipped Tests
Some tests in the mac-filter.tcl module test the allow capabilities
of the DUT; others test the deny capabilities of the DUT. The allow
tests will be skipped if macFilteringPolicy
is set to
deny. Likewise, the deny tests will be skipped if macFilteringPolicy
is set to allow.
Caveats
If the DUT is configured to deny its list of MAC addresses, be sure the regular LAN MAC address CDRouter uses IS NOT in its list. By default, the regular LAN MAC address CDRouter uses is based on the cdrouterOui testvar, but it can be changed by setting the lanMac testvar.
If the DUT is configured to allow its list of MAC addresses, be sure the regular LAN MAC address CDRouter uses IS in this list or else other tests will be affected. Also, any other MAC addresses (such as from a PC used to configure the DUT) should be included as well.
