[NEBULA] How to control and secure network access with client policy (MAC filter)?

Zyxel_Joslyn Posts: 360  Zyxel Employee
First Anniversary Friend Collector First Answer First Comment
edited November 2023 in Other Topics

Where to find: Clients > Client list

Function description: This function is used to do MAC filter for the stations. We can add the station into whitelisted called “Allow list” which can bypass the Captive portal, add into “Block list” which will be blocked to access the SSID, and "To specific SSID" allow to connect specific SSID. 

These rules can be found in "Show policy clients".

Scenario: The customer's station MAC address is 34:DE:1A:11:11:AA. It is allowed to bypass the captive portal authentication. 


1. The station has connected to the AP, so we can know the MAC address via Client page.

    a. Go to Clients > Client list > Choose Access point . Choose the client and add a policy rule.

    b. The station can be searched via "Show policy clients", and we can see the detail in the Policy.

2. The station is not connected to the AP, but we know the MAC address. So we can add the MAC address and assign a rule for it.

    a. Go to Clients > Client list. Click "Add client", and add the station details. Then click "OK".

    b. The client can be found in Show policy clients.


1. Clients are not added into the policy client will get the policy as Normal.

2. Maximum block policy for wireless client is 512 entries per site. Site with over 512 wireless client policies after Nebula phase 12 launch can keep existing entries but cannot create additional policies until removing other wireless client entries.