MAC Filtering

Media Access Control (MAC) filtering can be used to exclude or allow only listed client stations to authenticate with the access point. MAC authentication is enabled and disabled per VAP on the Networks page. Depending on how the VAP is configured, the WAP device may refer to a MAC filter list stored on an external RADlUS server, or may refer a MAC filter list stored locally on the WAP device.

Configuring a MAC Filter List Locally on the WAP device

The WAP device supports one local MAC filter list only; that is, the same list applies to all VAPs that are enabled to use the local list. The filter can be configured to grant access only to the MAC addresses on the list, or to deny access only to addresses on the list.

Up to 512 MAC addresses can be added to the filter list.

Configuring MAC Filtering

To configure MAC filtering:

 1. Select Wireless > MAC Filtering in the navigation pane.

 2. Select how the WAP device uses the filter list:

 • Allow only stations in the list—Any station that is not in the Stations List is denied access to the network through the WAP device.

 • Block all stations in list—Only the stations that appear in the list are denied access to the network through the WAP device. All other stations are permitted access.

Note The filter setting also applies to the MAC filtering list stored on the RADIUS server, if one exists.

 3. In the MAC Address field, enter the MAC address to allow or block and click Add.

The MAC address appears in the Stations List.

 4. Continue entering MAC addresses until the list is complete, and then click Save. The changes are saved to the Startup Configuration.

Note To remove a MAC address from the Stations List, select it and then click Remove.

Note After new settings are saved, the corresponding processes may be stopped and restarted. When this happens, the WAP device may lose connectivity. We recommend that you change WAP device settings when a loss of connectivity will least affect your wireless clients.

Configuring MAC Authentication on the RADIUS Server

If one or more VAPs are configured to use a MAC filter stored on a RADIUS authentication server, you must configure the station list on the RADIUS server. The format for the list is described in this table:

RADIUS Server Attribute

Description

Value

User-Name (1)

MAC address of the client station.

Valid Ethernet MAC address.

User-Password (2)

A fixed global password used to look up a client MAC entry.

NOPASSWORD