New in Firmware 1.35: Local MAC Authentication for Wireless Clients via AP Controller





With firmware version 1.35, Zyxel firewalls gain a valuable enhancement for wireless security: local MAC authentication for wireless clients managed via the built-in AP Controller (APC).
What’s New?
Previously, Zyxel firewalls supported MAC address-based authentication only through external RADIUS servers. With this update, administrators can now authenticate wireless clients using a locally maintained MAC address database—right on the firewall.
This is especially useful for:
- Small networks without external RADIUS infrastructure
- Environments where device-based access control is needed (e.g., BYOD scenarios, guest Wi-Fi restrictions)
How Local MAC Authentication Works
When enabled, the AP-managed SSID will verify connecting wireless clients against a list of allowed MAC addresses stored on the firewall. If a client’s MAC address isn’t in the list, access is denied.
Use Case Example:
- Allow only known corporate laptops and tablets to connect to the internal SSID
- Block unknown or unauthorized devices from accessing the wireless network
How to Configure It
Step 1: Add MAC Users to the Firewall
- Navigate to Configuration > Object > User/Group > MAC User
- Add MAC addresses of the wireless devices you want to allow
- Only hexadecimal values are accepted (e.g.,
AA:BB:CC:11:22:33
) - No names, no special characters beyond the MAC format
- Only hexadecimal values are accepted (e.g.,
Step 2: Set Up SSID with Local MAC Authentication
- Go to AP Controller > SSID Settings
- Under Authentication Type, select:
- MAC-based authentication
- Internal Authentication Server
- Set Authentication Server to Local
This tells the AP to use the firewall’s internal MAC list for authentication instead of an external server.
Step 3: Monitor Client Authentication
Once a client connects:
- Go to Monitor > Wireless > Station Info to view connected clients
- Authenticated MAC clients will show with the user ID as their MAC address
- Check Log > View Log > Event Logs
- MAC authentication successful for client [AA:BB:CC:11:22:33]
Summary of Benefits
Feature | Benefit |
---|---|
Local MAC Authentication | No need for external RADIUS setup |
Easy Whitelisting | Allow only specific devices via MAC |
Real-Time Monitoring | Log and monitor device access attempts |
Tightened Wireless Security | Prevent unauthorized device access |
By integrating local MAC authentication with the AP Controller, Zyxel firewalls now offer a more flexible and accessible solution for device-level wireless access control—ideal for environments where simplicity and security must go hand in hand.
Categories
- All Categories
- 438 Beta Program
- 2.7K Nebula
- 189 Nebula Ideas
- 121 Nebula Status and Incidents
- 6.2K Security
- 458 USG FLEX H Series
- 304 Security Ideas
- 1.6K Switch
- 81 Switch Ideas
- 1.3K Wireless
- 44 Wireless Ideas
- 6.8K Consumer Product
- 279 Service & License
- 438 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 91 Security Highlight