shaik
New Member
January 26, 2014
Question

Configuring MAC Filtering

Hi guys, I moved from FortiGate OS Version 4 Patch 3 to Version 5 Patch 2. In the old OS version it was easy to configure the MAC filtering list from the CLI. In the new version there is a user access-list list with devices and stuff. I can't succeed in configuring it to make it work! Can someone give me an example, from start to end, of how to configure one SSID to accept a specific MAC address? Thanks a lot!

    7 replies

    Bromont_FTNT
    Staff
    January 26, 2014
    I'll have to check further, but the MAC filter list on the FortiGate may have been replaced by radius-mac-auth, where you would configure your RADIUS server with the allowed MAC IDs.
    shaik
    Author
    New Member
    January 27, 2014
    It doesn't make sense that I must configure a RADIUS server, because in the current state MAC filtering is working with the MACs configured in the previous version, but every new MAC I'm trying to add via user access-list can't connect to the SSID. I just can't understand where it is configured to MAC filter in this version.
    Edit: this is the error I see in the firewall WiFi logs when trying to connect with a new device I just added to user access-list: "STA denied due to BYOD-ACL on association"
    Edit 2: found that if I add my new device MAC to the head of the "device-access-list" list it works, so I can understand from this test that the length of this list is limited? Please shed some light on the issue.
    Bromont_FTNT
    Staff
    January 28, 2014
    CLI guide shows these commands removed... seems to point towards using reserved MAC in the DHCP server. I suppose the idea is that if someone is smart enough to statically assign themselves the right IP and gateway they could spoof MAC ID too.
    shaik
    Author
    New Member
    January 28, 2014
    As I said, I'm using v5 GA 2 and I still have "config user device-access-list", which is the key to MAC filtering. Also, as I said, I did some tests and I figured out that only the new MACs I add (60+) are not working; when I move the new one I just added to the top of the list it does connect to the WiFi! So, any ideas? Some limitations?
    jmguerrero
    New Member
    January 28, 2014
    Have you tried to configure MAC address authentication via RADIUS?
        config wireless-controller vap
            edit vap1
                set radius-mac-auth enable
                set radius-mac-auth-server 192.168.1.95
        end
    from: http://goo.gl/sDbFcw
    shaik
    Author
    New Member
    January 28, 2014
    I don't have a RADIUS server in my LAN.
    anly_FTNT
    Staff
    January 28, 2014
    radius-mac-auth is RADIUS-based MAC authentication. It is different from the BYOD feature, which is an enhancement of mac-filter-list. For your BYOD question, I think it is related to how you set up your device-access-list. The first matching member in the list has higher priority, so if a device falls into multiple members in your list, the action of the first member will be effective.
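
The first-match rule described in the last reply, modelled as an added example (not FortiOS code and not posted by anyone in the thread). The member names, MAC addresses and set-based matching are constructed assumptions; the `shadowed` helper flags members whose action never takes effect for a device because an earlier member with a different action matches it first.

```python
# Added illustration: a model of first-match evaluation, not FortiOS internals.
from typing import NamedTuple

class Member(NamedTuple):
    name: str        # hypothetical member label
    macs: frozenset  # normalised MACs this member matches
    action: str      # "accept" or "deny"

def norm(mac: str) -> str:
    """Normalise a MAC to lower-case colon notation."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def member(name, macs, action):
    return Member(name, frozenset(norm(m) for m in macs), action)

def decide(acl, mac, default="deny"):
    """Return (action, deciding member); the first matching member wins."""
    mac = norm(mac)
    for m in acl:
        if mac in m.macs:
            return m.action, m.name
    return default, None

def shadowed(acl):
    """Find (member, mac, earlier member) where an earlier member with a
    different action already decides for that MAC."""
    found = []
    for i, m in enumerate(acl):
        for mac in sorted(m.macs):
            action, winner = decide(acl[:i], mac)
            if winner is not None and action != m.action:
                found.append((m.name, mac, winner))
    return found

# Constructed sample data: the new laptop also falls into a broader deny member.
NEW = "02-00-00-00-00-63"
ACL = [
    member("known-phones", ["02:00:00:00:00:01", "02:00:00:00:00:02"], "accept"),
    member("guest-range", ["02:00:00:00:00:63", "02:00:00:00:00:64"], "deny"),
    member("new-laptop", [NEW], "accept"),
]
REORDERED = [ACL[2], ACL[0], ACL[1]]  # new entry moved to the head of the list

if __name__ == "__main__":
    print(decide(ACL, NEW), decide(REORDERED, NEW), shadowed(ACL))
```
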