Anyone got MAC filtering to work at the AP level?
I'm trying to deny a MAC to specific SonicWAVE 231c access points but it's not working. I've created the MAC object, I've put it in a new object group, I've chosen the group in the 2.4 Radio Basic settings page under Deny List, yet the clients keeps showing up on AP's with the filtering.
I've opened a ticket asked an engineer for help and trying to get it escalated. He's saying it's not possible yet the setting is right there on the page.
He wanted me to do mac exclusions on the SSID profile. Huh? The client is programmed to connect to one SSID. That's when I said, please escalate.
Waiting for a call back.
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
What is your sonicwall firewall Version?
and VAP topolgy? do you use Sonicwall Hotspot or external authantication system? can you share screenshot
Hi, It's on 7.01xxx, latest with a hotfix to cure random reboots.
They have 8 VAP objects on one VAP profile and one SonicWAVE profile.
Within each AP setting is the option to do mac filtering, and so I either create a group or use the Default Deny group. Either way the address object (mac, tied to on the specific wireless VLAN) it is ignored and the device will still connect to that AP.
Best practices... well, I shouldn't do it this way and I should instead adjust channels and power. I get that but the option is there in settings of each AP. Like many things by SonicWALL we have no whitepaper to explain how it was intended to be used. My guess is it was not intended to be used by AP's in a VAP group.
there are a few options for this.
1) Device/ Access Points/ Settings/ AccessPoint Provisining Profiles/ ACL settings.
2) Each Access Point Objects / submenu ACL settings for each Radio. .
3) Device/Access Points/Virtual Access Point/ VAP ACCESS POINT object/ each Object ACL settings
4) Device/Access Points/Virtual Access Point/ VAP ACCESS POINT Profiles/ ACL settings
5) For security you can use "DYNAMIC VLAN ID ASSIGNMENT" via radius eap authantication.
6) my suggestion is to test step by step only on one accesspoint. and check ACL Global enable and disable.
If you have radius server, assign authantication profile via dynamic vlan id and assign blocked zone (zombi zone for unauthanticated mac) best option.
My understanding is if you use ACL's it will not stop the device from connecting it will just not be able to pass traffic.