03-29-2019 06:31 AM
Solved! Go to Solution.
04-01-2019 01:19 PM
MAC Auth would be the best way to accomplish this via the APs, and we can host a Radius server on an AP if you want so you wouldn't need to set up an external server for this to work. This guide includes how to set up an internal Radius server (hosted on an AP) and how to set up MAC auth- https://thehivecommunity.aerohive.com/s/article/Radius-SSID-in-NG
You could also set up PPSK with MAC binding, so that the first device the end user enters their credentials in to is the only device that will be allowed to log on with those credentials. You can set this up to allow multiple devices per PPSK credential as well. This also would not require that you know all of the MAC addresses you want on the network ahead of time, so the set up is a bit less cumbersome than Radius MAC auth.
Otherwise I would recommend using a content filter or network firewall to block an MAC addresses you don't want on your network, but this would be external to the Aerohive set up.
04-02-2019 01:01 AM
Hello Sam.
Thank you for support.
Your commnet was very helpful.
Regads.
Yoshii
04-01-2019 01:19 PM
MAC Auth would be the best way to accomplish this via the APs, and we can host a Radius server on an AP if you want so you wouldn't need to set up an external server for this to work. This guide includes how to set up an internal Radius server (hosted on an AP) and how to set up MAC auth- https://thehivecommunity.aerohive.com/s/article/Radius-SSID-in-NG
You could also set up PPSK with MAC binding, so that the first device the end user enters their credentials in to is the only device that will be allowed to log on with those credentials. You can set this up to allow multiple devices per PPSK credential as well. This also would not require that you know all of the MAC addresses you want on the network ahead of time, so the set up is a bit less cumbersome than Radius MAC auth.
Otherwise I would recommend using a content filter or network firewall to block an MAC addresses you don't want on your network, but this would be external to the Aerohive set up.
04-01-2019 07:03 AM
Hello Sam.
Thank you for support.
We can be confirmed that 256 MAC addresses can be registered per one SSID by Mac based fillterling function.
but you do not recommend that setting do you?
If we want to restrict communication based on the MAC address of many clients, what kind of method can be considered?
Is the recommended method MAC authentication method?
However, this is not desirable for us because it requires a RADIUS server.
Pelase advise me.
Yoshii
03-29-2019 06:33 PM
We strongly recommend using a content filter for large MAC filter lists. The APs can handle filtering for a few MAC addresses but they were not designed to work as both a content filter and a wireless access point, and you will notice a slow down in client traffic if the MAC filter get's too large.
