MAC-based WLAN controlled by ATP
Hello,
We are using an ATP as wireless controller with a few access points connected. Nebula is no option. We are broadcasting several SSIDs for different purposes (guests, internal use, VoIP). The backend for authentication is Active Directory on premise.
Now, I'm looking for a way to use MAC-based authentication on WLAN/SSID "internal", which maps to VLAN 1 (default). Many articles I found so far either quickly refer to Nebula, or assume I messed WLAN with VLAN, which is crap.
To make it clear: if possible, I would like to avoid MAC-based auth on the wired part of VLAN 1; I would just like to restrict the wireless part of it, as passwords do not work well.
Thanks for your ideas.
All Replies
Hi @Seabob,
Regarding your use case, if your backend is Windows AD, we recommend setting it up through an NPS server that communicates with the AD server. This enables MAC-based authentication for your wireless clients, as APC-managed AP mode currently does not support AD authentication natively.
We appreciate your understanding.
Zyxel Tina
Dear Tina,
thanks for your quick response, but Windows-AD and NPS is not the main part of the question, it's just an option. I would be fine using MAC Filter Lists on the ATP for this particular SSID, too.
First of all, I would like to know whether my plan might work at all. I repeat: I would like to have some MAC-based filtering or authentication for the SSID "internal", which is supposed to be connected to VLAN1, but I would like to leave the wired part of the same VLAN open.
In the end, I would like to restrict somehow which laptop or mobile phone is able to connect to VLAN1 using WiFi. Cabled devices are accepted. Thanks for following up on this.
Seabob
One further clarification: many articles describe how to configure MAC-based authentication for an entire VLAN, I mean wired and wireless. This is the difference to my question; I would just like to lock down the wireless part.
If I still need to use NPS for this, I'll go this way.
Hi @Seabob,
Thank you for clarifying.
Yes. You can restrict WiFi access to the SSID (connected to VLAN1) using either a MAC Filter whitelist or MAC Authentication on the ATP, while leaving wired devices on the same VLAN unaffected.
For step-by-step configuration of MAC Authentication on your ATP for a specific SSID, please refer to this article. Additionally, you can go to Configuration > Object > AP Profile > SSID > MAC Filter List. This provides an additional layer of security for an SSID, allowing you to block access or allow access to that SSID based on wireless client MAC addresses. If a client's MAC address is on the list, then it is either allowed or denied, depending on how you set up the MAC Filter profile. You can have a maximum of 32 MAC filtering profiles on the Zyxel Device.
Zyxel Tina