Description
This article explains how to configure MAC filter on SSID.
Important Note:
• The MAC filter function is independent of the SSID security mode.
• To enable MAC filter on SSID, first configure the wireless controller address and address group. See instructions below.
Scope
Solution
To block a specific client from connecting to the SSID using MAC filter:
1. Create a wireless controller address with the client MAC address and set the policy to deny. In this example, the client MAC address is b4:ae:2b:cb:d1:72.
To allow a specific client to connect to the SSID using MAC filter:
1. Create a wireless controller address with the same MAC address as the client and set the policy to allow. In this example, the client's MAC address is b4:ae:2b:cb:d1:72.
This article explains how to configure MAC filter on SSID.
Important Note:
• The MAC filter function is independent of the SSID security mode.
• To enable MAC filter on SSID, first configure the wireless controller address and address group. See instructions below.
Scope
Solution
To block a specific client from connecting to the SSID using MAC filter:
1. Create a wireless controller address with the client MAC address and set the policy to deny. In this example, the client MAC address is b4:ae:2b:cb:d1:72.
# config wireless-controller address2. Create a wireless controller address group using the above address and set the default policy to allow.
edit "client_1"
set mac b4:ae:2b:cb:d1:72
set policy deny
next
end
# config wireless-controller addrgrp3. On the virtual access point (VAP), select the above address group.
edit mac_grp
set addresses "client_1"
set default-policy allow
next
end
# config wireless-controller vapAfter this configuration, the client (MAC address b4:ae:2b:cb:d1:72) will no longer be allowed to connect to SSID Fortinet-psk. Other clients will be able to connect to the SSID.
edit wifi-vap
set ssid "Fortinet-psk"
set security wpa2-only-personal
set passphrase fortinet
set address-group "mac_grp"
next
end
To allow a specific client to connect to the SSID using MAC filter:
1. Create a wireless controller address with the same MAC address as the client and set the policy to allow. In this example, the client's MAC address is b4:ae:2b:cb:d1:72.
# config wireless-controller address2. Create a wireless controller address group using the above address and set the default policy to deny.
edit "client_1"
set mac b4:ae:2b:cb:d1:72
set policy allow
next
end
# config wireless-controller addrgrp3. On the virtual access point, select the above address group.
edit mac_grp
set addresses "client_1"
set default-policy deny
next
end
# config wireless-controller vapAfter this configuration, the client (MAC address b4:ae:2b:cb:d1:72) will be allowed to connect to SSID Fortinet-psk. Other clients won't be able to connect to the SSID.
edit wifi-vap
set ssid "Fortinet-psk"
set security wpa2-only-personal
set passphrase fortinet
set address-group "mac_grp"
next
end
