cancel
Showing results for 
Search instead for 
Did you mean: 

Can we add more than 256 MAC filter entries if i using more than two SSID on CloudIQ Connect?

Can we add more than 256 MAC filter entries if i using more than two SSID on CloudIQ Connect?

Saravana_inflow
New Contributor

Suppose if i using more than two SSID means, we can add more than 256 MAC Filter on Cloud IQ Connect Right?

1 ACCEPTED SOLUTION

Tomasz
Valued Contributor II

Hi Saravana,

 

If there is more MAC-related control you need to have going on, I’d recommend considering MAC authentication, either RADIUS-driven or NAC-driven (A3 or EAC if we talk about Extreme). This might help authorize devices in a more scalable way, it is the RADIUS service that is going to respond to the AP either with ACCESS-REJECT or additional attribute saying a certain device is allowed/disallowed to join. Furthermore, you can provide many other differentiators and make the response be different depending on some criteria such as time or location.

 

Hope that helps,

Tomasz

View solution in original post

4 REPLIES 4

systemscsn
Valued Contributor
Or you can just do that from within your DHCP server.  Create a Deny filter list, and then when you see the device on the network, right click it and add it to the Deny list. It will never get an IP.

I had to do that because we had a bunch of those shi**y FB Portal devices, and we had them connect via  USB-c ethernet dongle, but the nasty things woudl connect via wifi AND ethernet, so i blocked them by doing the above.

Just a thought.

Saravana_inflow
New Contributor
Hi Tomasz,

i am using MAC based Filtering while configuring SSID

Tomasz
Valued Contributor II

Hi Saravana,

 

If there is more MAC-related control you need to have going on, I’d recommend considering MAC authentication, either RADIUS-driven or NAC-driven (A3 or EAC if we talk about Extreme). This might help authorize devices in a more scalable way, it is the RADIUS service that is going to respond to the AP either with ACCESS-REJECT or additional attribute saying a certain device is allowed/disallowed to join. Furthermore, you can provide many other differentiators and make the response be different depending on some criteria such as time or location.

 

Hope that helps,

Tomasz

SamPirok
Community Manager Community Manager
Community Manager

I wouldn’t recommend that, the limit is in place because having an AP trying to run as normal and maintain a MAC filter list longer than that will have serious impacts on the performance of the AP. If you need to filter for a larger array of MAC addresses, I’d suggest doing this via your firewall or a content filter instead. 

GTM-P2G8KFN