New in Firmware 1.35: Local MAC Authentication for Wireless Clients via AP Controller

Zyxel_Lynn
Zyxel_Lynn Posts: 71  Zyxel Employee
5 Answers First Comment Friend Collector

With firmware version 1.35, Zyxel firewalls gain a valuable enhancement for wireless security: local MAC authentication for wireless clients managed via the built-in AP Controller (APC).

What’s New?

Previously, Zyxel firewalls supported MAC address-based authentication only through external RADIUS servers. With this update, administrators can now authenticate wireless clients using a locally maintained MAC address database—right on the firewall.

This is especially useful for:

  • Small networks without external RADIUS infrastructure
  • Environments where device-based access control is needed (e.g., BYOD scenarios, guest Wi-Fi restrictions)

How Local MAC Authentication Works

When enabled, the AP-managed SSID will verify connecting wireless clients against a list of allowed MAC addresses stored on the firewall. If a client’s MAC address isn’t in the list, access is denied.

Use Case Example:

  • Allow only known corporate laptops and tablets to connect to the internal SSID
  • Block unknown or unauthorized devices from accessing the wireless network

How to Configure It

Step 1: Add MAC Users to the Firewall

  1. Navigate to Configuration > Object > User/Group > MAC User
  2. Add MAC addresses of the wireless devices you want to allow
    • Only hexadecimal values are accepted (e.g., AA:BB:CC:11:22:33)
    • No names, no special characters beyond the MAC format

Step 2: Set Up SSID with Local MAC Authentication

  1. Go to AP Controller > SSID Settings
  2. Under Authentication Type, select:
    • MAC-based authentication
    • Internal Authentication Server
  3. Set Authentication Server to Local

This tells the AP to use the firewall’s internal MAC list for authentication instead of an external server.

Step 3: Monitor Client Authentication

Once a client connects:

  • Go to Monitor > Wireless > Station Info to view connected clients
    • Authenticated MAC clients will show with the user ID as their MAC address
  • Check Log > View Log > Event Logs
    • MAC authentication successful for client [AA:BB:CC:11:22:33]

Summary of Benefits

Feature

Benefit

Local MAC Authentication

No need for external RADIUS setup

Easy Whitelisting

Allow only specific devices via MAC

Real-Time Monitoring

Log and monitor device access attempts

Tightened Wireless Security

Prevent unauthorized device access

By integrating local MAC authentication with the AP Controller, Zyxel firewalls now offer a more flexible and accessible solution for device-level wireless access control—ideal for environments where simplicity and security must go hand in hand.