How can I activate L2/MAC Address Access Control list in 1 SSID catering 500+ clients?

  • Question
  • Updated 2 weeks ago
  • Answered
How can I activate L2/MAC Address Access Control list in 1 SSID catering 500+ clients? As per forums and manuals, 1 ACL is just up to 128 MAC addresses.
Ryan T

Posted 2 weeks ago

Andrew Giancola

Howdy, you'll need to set up a RADIUS server. As you noted, your design as it stands is beyond the capacity of the system.
You may wish to try Cloudpath, that's what my org uses.

Ryan T

Cloudpath is a great idea. Does it affect/consume bandwidth of the internet, as per your experience?

Albert Pierson, Employee

Hi Ryan,

Unfortunately, due to limits in the Radio Chip, you cannot assign more than one L2 ACL per WLAN/SSID, so the limit is 128 MAC/Clients.

The only option to control access via MAC address is to use MAC authentication which will require an external RADIUS server:

000001847 - mac authentication using radius server (13 Feb 2018)
How to configure MAC authentication using radius server?

000001247 - MAC address filtering compared to MAC authentication (11 Jan 2014)
MAC authentication checks the MAC address of the clients against a RADIUS server, and allows connection to MAC that is listed. ... Once authenticated the client traffic is allowed to pass.


Another very good option would be to use the Ruckus DPSK mechanism, which assigns a personal PSK key to each user and binds this to a specific client device MAC address.

Check the administration guide for the version of ZD/Unleashed code you may be running for details and check out the Knowledge base on support log that has many articles on DPSK usage.

I hope this information is helpful,

Thanks

Albert
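
As an added illustration (not part of the original thread or of Ruckus documentation), here is one way to turn a 500+ device inventory into entries for RADIUS MAC authentication. It assumes a FreeRADIUS-style `users` file and that the controller sends the MAC as both username and password, lowercase without delimiters (check the format your controller actually uses); the sample addresses are constructed.

```python
import re

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a MAC address."""
    digits = re.sub(r"[-:.\s]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def classify(mac):
    """Flag addresses that make poor allowlist entries."""
    first_octet = int(mac[:2], 16)
    if first_octet & 0x01:
        return "multicast"             # group address, never a client source MAC
    if first_octet & 0x02:
        return "locally-administered"  # typical of OS MAC randomization
    return "ok"

def build_users_file(inventory):
    """Return (users_file_text, rejected) from an iterable of raw MAC strings."""
    accepted, rejected, seen = [], [], set()
    for raw in inventory:
        mac = normalize_mac(raw)
        if mac is None:
            rejected.append((raw, "malformed"))
        elif mac in seen:
            rejected.append((raw, "duplicate"))
        elif classify(mac) != "ok":
            rejected.append((raw, classify(mac)))
        else:
            seen.add(mac)
            accepted.append(mac)
    # Assumption: the MAC is used as both User-Name and password.
    lines = [f'{m} Cleartext-Password := "{m}"' for m in sorted(accepted)]
    return "\n".join(lines) + "\n", rejected

# Constructed sample inventory (not real devices), in mixed notations.
SAMPLE = ["00:1A:2B:3C:4D:5E", "001a.2b3c.4d5e", "00-1A-2B-3C-4D-5F",
          "DA:A1:19:00:00:01", "01:00:5E:00:00:FB", "not-a-mac"]

if __name__ == "__main__":
    text, rejected = build_users_file(SAMPLE)
    print(text, end="")
    for raw, reason in rejected:
        print(f"# skipped {raw}: {reason}")
```

Addresses flagged as locally-administered usually come from devices with MAC randomization enabled; those clients will not match a fixed allowlist until randomization is disabled for the SSID.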








Ryan T

Yeah, a RADIUS server will do the trick. But I'm hoping that there's a workaround for the ZD to handle that kind of capacity.

Well, it's not that recommendable on my part as we are a cloud-based company. The only hardware we have is all network equipment. No physical servers, and all cloud servers are handled by the other teams, meaning creating a RADIUS server is not on the list of resolutions. :)

Andrew Giancola

Thank you for the Like!
Ruckus sells cloud access to this product too, so you'll have nothing to stand up. Back to the workaround: how many APs do you have 500 users using?

Ryan T

It's around 17 APs. We need to enable MAC filtering for internal employees for security. I'll take a look at Cloudpath and see whether it's a good fit for the requirement. Looking to put the MAC filtering on the Cisco switch, but it seems it only allows per port, not per device.