Skip to main content
Configure the allowed IP/MAC addresses on the port
Last update:

Configure the allowed IP/MAC addresses on the port

Port traffic with a security group can only be sent from a single IP/MAC address pair that is assigned at the adding a port to a subnet. If traffic from addresses not specified on the port is transmitted through the port, such traffic will be blocked. To allow traffic from addresses that are not specified on the port, you must add authorized IP/MAC addresses to the port settings.

For example, if you have self-deployed on a cloud server:

  • VPN server — you need to allow all IP addresses (subnetwork 0.0.0.0/0);
  • Kubernetes cluster with CNI Calico in Direct routing mode — you need to allow the subnet that is used in the cluster. No configuration is required for CNI Flannel.

If additional addresses are not needed, you can to remove them from the port.

Configuring allowed addresses is not required in clusters Managed Kubernetes, cloud databases, cloud-ready 1C and also on cloud servers created from images from the annexes. All the necessary settings for them have already been made.

Add Allowed IP/MAC Addresses

A maximum of 10 additional IP/MAC address pairs can be added per port.

Add Allowed Addresses per Port on a Private Subnet

  1. in control panels from the top menu, press Products and select Cloud servers.

  2. Go to the section Network → tab Private networks.

  3. Open the network page → tab Ports.

  4. In the port card, in the security groups field, click .

  5. If you want to allow all IP addresses, click Allow all IP addresses for VPN. Traffic from the subnet will be allowed 0.0.0.0/0 with the default MAC address of the port.

  6. If you want to allow traffic from specific addresses:

    6.1. Press Add an IP/MAC pair.

    6.2 Enter the IP address or subnet in CIDR format.

    6.3 Optional: Enter a MAC address that matches the IP address, or leave the MAC address of the default port.

    6.4 To add another address pair, repeat steps 6.1 through 6.3.

  7. Click Save.

Add Allowed Addresses per Port on a Public Subnet

  1. in control panels from the top menu, press Products and select Cloud servers.

  2. Go to the section Network → tab Public subnets.

  3. Open the subnet card → tab Ports.

  4. On the port line, in the field Security groups click .

  5. If you want to allow all IP and MAC addresses, click Allow all IP addresses for VPN. Traffic from the subnet will be allowed 0.0.0.0/0 with the default MAC address of the port.

  6. If you want to allow traffic from specific addresses:

    6.1. Press Add an IP/MAC pair.

    6.2 Enter the IP address or subnet in CIDR format.

    6.3 Optional: Enter a MAC address that matches the IP address, or leave the MAC address of the default port.

    6.4 To add another address pair, repeat steps 6.1 through 6.3.

  7. Click Save.

Delete Allowed IP/MAC Addresses

Remove allowed addresses from a port on a private subnet

  1. in control panels from the top menu, press Products and select Cloud servers.

  2. Go to the section Network → tab Private networks.

  3. Open the network page → tab Ports.

  4. In the port card, in the security groups field, click .

  5. On the address pair line, click .

  6. Click Save.

Remove authorized addresses from a port on a public subnet

  1. in control panels from the top menu, press Products and select Cloud servers.

  2. Go to the section Network → tab Public subnets.

  3. Open the subnet card → tab Ports.

  4. On the port line, in the field Security groups click .

  5. On the address pair line, click .

  6. Click Save.