MAC address lists

  • 1
  • Question
  • Updated 5 years ago
  • Answered

Is it possible to use a MAC access list to control the access to clients?

From a teachers' perspective this would save them needing to enter a PPSK. However it would not be useful for BYOD of course, where PPSK would need to be used.
I prefer to use a simple PPSK such as only made of digits to keep it simple.

I understand there may be a limit of saving 128 MAC address in an AP?

Photo of Jason Hills

Jason Hills

  • 78 Posts
  • 3 Reply Likes

Posted 5 years ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
The reason for the limit, as far as I know, is that the moment you need more than that, you should be using appropriately configured external RADIUS service.

Using 802.1X is vastly superior to what you have in mind as you can easily control access based on a user's identity rather than their device's,
Photo of Jason Hills

Jason Hills

  • 78 Posts
  • 3 Reply Likes
Thanks for reply. Yeah they have a Linux LDAP service but are not using the RADIUS functionality of the APs unfortunately.
They only wantto reduce the need for the teachers to use a PPSK code. Since teachers already have a username I should recommend they login via RADIUS so they get their appropriate access rights, however they prefer PPSK.

Even if it was possible to use a mac access list, it would be limited to 128? is that correct.
I'll let him know it's not how user access is intended to be

I would like to suggest their staff student SSID should use 802.1x and visitor access use PPSK.

Photo of Ralph Malone

Ralph Malone

  • 21 Posts
  • 1 Reply Like
I use ppsk with teachers they prefer it because they only have to enter it once and away they go. I divide them into groups with the PPSK list and give them 3 concurrent connections per PPSK. This works great and noone needs to remember a thing.