I have two FortiAPs on a customers Site and a lot of smart home devices. All of them use 2.4 Ghz and connect to only one AP. I switched on FortiAP and Frequency Hand-off but that doesn't change much. Is there a way to allow only specific MAC addresses to a FortiAP? I know I can do it by SSID but the smart home devices are all in the same SSID.
It can be done by creating different wtp-profile for each AP and apply deny-mac-list under wtp-profile. Instead of allowing only specific MAC addresses, this will deny these specific MAC addresses forcing them to connect to other bssid.
FortiWiFi# config wireless-controller wtp-profile
FortiWiFi (wtp-profile) # edit Profile1
FortiWiFi (Profile1) # config deny-mac-list
deny-mac-list List of MAC addresses that are denied access to this WTP, FortiAP, or AP.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.