How can I bypassed clients by MAC when connected to captive portal SSID?

Zyxel_HsinBo

To implement MAC filtering bypassed for specific captive portal SSIDs, follow these steps:

Step-by-Step Configuration:

1. Configure SSIDs with Captive Portal and Nebula Cloud Authentication
   1. Go to Nebula > Configure > Access Points > SSID Settings.
   2. Enable Advanced Mode and click on Add SSID Network to create SSID A.
   3. Click the Edit button for SSID A and ensure the SSID is Enabled.
   4. Select Nebula Cloud Authentication under Network Access > Sign-in Method.
   5. Set the Strict Policy to Block all access until sign-on under Captive Portal Advanced Settings.
   6. Configure additional SSID settings as required.
2. Set Up MAC Address Allowance Policies for Each SSID
   1. Go to Nebula > Clients.
   2. Click on Show Policy Clients on the right side and select Access Point Clients from the dropdown menu.
   3. Click Add Client to create an allowance policy for SSID A. Enter a name, add the MAC address, and set the policy to To Specific SSID with SSID A as Allowed.
   4. Repeat this process for all SSIDs and the corresponding MAC addresses as required.

Notes:

• Devices with random MAC addresses, such as iPhones or Android devices, need to have the correct MAC address configured for the policy to work as intended.

Expected Scenario:

• Devices with a specific allowance policy for SSID A will bypass the Captive Portal and gain direct access to the internet.
• Devices without a specific policy will be prompted with a Captive Portal and need to log in with a username and password to gain access.