Alternate options for the MAC filter list, which has a limit of 256 entries

  • 1
  • Question
  • Updated 3 years ago
  • Answered
Hi everyone,

We have a customer on Hivemanager that has used close to their limit of 256 MAC addresses. There is no way through the gui to extend this from what I can see so far. The customer already uses .1x authentication as well, however still wants to limit access by devices (they are aware that this is not a 'security' feature, but still request the ability to limit to certain MAC's.

What are some alternative options for when we exceed 256 devices in the filter?


Photo of Matthys Witte

Matthys Witte

  • 1 Post
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi Matthys,

Above 256, you would likely be exceeding the intended scope of the feature in HiveOS/HiveManager. I don't think HiveManager would be suited to the lifecycle/management overheads of maintaining MAC address lists that are larger.

To go further, I expect it is intended that you would use a third party RADIUS server such as NPS, FreeRADIUS or RADIATOR where there isn't such a limit and systems can be put in place to manage and work with large sets of MAC addresses.

For 802.1X, you get the client's MAC address in the Calling-Station-Id attribute of the Access-Request packets as EAP authentication takes place.
(The Service-Type attribute will have a value of Framed for 802.1X.)

If there is a perceived need, you can also use dedicated MAC address authentication and use the same attribute in the Access-Request packets, 'useful' for Open and PSK/PPSK protected SSIDs.
(The Service-Type attribute will have a value of Call-Check for dedicated MAC auth.)