IP/MAC Binding

CCVO Posts: 8  Freshman Member

Subject: Limiting Client Connections on the Wi-Fi Network

I am reaching out to seek your expertise regarding an issue with limiting client connections on one of our Wi-Fi networks. Here are the details of the situation:

  • Hardware used: Wi-Fi access points managed by a VPN100.
  • Network topology: a VLAN dedicated to the Wi-Fi network, with a DHCP server operating via a tunnel.

Issue Encountered
To restrict client connections, I enabled the IP/MAC Binding feature on the VLAN, expecting the router/firewall to automatically block communications from clients without a reserved IP address. However, during testing, I observed that:

  • Unauthorized clients continue to receive an IP address from the DHCP server.
  • These clients can still communicate freely on the VLAN despite the IP/MAC Binding being enabled.

I am wondering if this behavior is due to a missing or incorrect configuration, or if the implemented solution requires specific adjustments. Do you have any recommendations for effectively isolating unauthorized clients or enforcing strict IP/MAC Binding?

All Replies

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    edited December 20

    Have you enabled IP/MAC Binding and DHCP Enforcement?

    So if an unauthorized client finds an authorized MAC and clones it, they are allowed.

    Or any new client and MAC is allowed by IP/MAC Binding, because the reserved IP/MAC list is not an "only allow these to connect" list.

    So you would need a switch to do MAC limiting, but really, if they have the Wi-Fi password, that's why they are allowed in the first place; or you can have another SSID password on another VLAN.

  • CCVO
    CCVO Posts: 8  Freshman Member

    The DHCP is enabled on the VLAN, and the settings are correctly configured. This network is designed for mobile devices. However, a persistent issue arises from the latest versions of Android, which allow connection sharing via QR codes, making access control challenging and particularly frustrating.

    I also noticed that the access points’ settings offer the possibility of authenticating MAC addresses via Active Directory. This might be a potential solution to strengthen connection control.

    I am available to provide further details about the configuration or the tests conducted so far. Thank you in advance for your assistance.

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,210  Zyxel Employee

    Hi @CCVO

    To better control which devices can connect to your SSID, we recommend configuring MAC Authentication directly on your access points. This ensures that only devices with approved MAC addresses are allowed to connect, providing a more reliable access control mechanism.

    You can follow this step-by-step guide for setting up MAC Authentication:

    [AP Controller] Setting Up MAC Authentication on Wireless Network — Zyxel Community

    Kay


  • CCVO
    CCVO Posts: 8  Freshman Member

    Thank you
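The distinction raised in PeterUK's reply (a reserved IP/MAC list that catches conflicting pairs versus a list that means "only these may connect") can be checked offline against a lease or ARP export. The following is an added example, not part of the thread and not Zyxel's implementation; the policy model is a simplifying assumption, and the table names, function names and all addresses are constructed.

```python
# Added example: audit observed clients against a reserved IP/MAC list.
# All addresses are constructed sample data (documentation ranges).

RESERVED = {  # MAC -> reserved IP (hypothetical static DHCP / binding table)
    "00:00:5e:00:53:01": "192.0.2.10",
    "00:00:5e:00:53:02": "192.0.2.11",
}

# (MAC, IP) pairs as they might appear in a lease or ARP export (constructed)
OBSERVED = [
    ("00:00:5E:00:53:01", "192.0.2.10"),   # reserved pair, as expected
    ("00:00:5e:00:53:02", "192.0.2.50"),   # reserved MAC on the wrong IP
    ("00:00:5e:00:53:aa", "192.0.2.11"),   # unlisted MAC using a reserved IP
    ("00:00:5e:00:53:bb", "192.0.2.120"),  # unlisted MAC on a dynamic lease
]

def norm(mac):
    """Normalise MAC notation so 00-00-5E.. and 00:00:5e.. compare equal."""
    return mac.lower().replace("-", ":")

def classify(mac, ip, reserved):
    """Compare one observed (MAC, IP) pair with the reservation table."""
    mac = norm(mac)
    reserved_ips = set(reserved.values())
    if reserved.get(mac) == ip:
        # A cloned authorized MAC also lands here: this check cannot
        # tell the clone from the real device.
        return "ok"
    if mac in reserved:
        return "reserved-mac-wrong-ip"
    if ip in reserved_ips:
        return "reserved-ip-wrong-mac"
    return "unlisted-client"

def audit(observed, reserved, allowlist_only):
    """Return the (mac, ip, verdict) rows the chosen policy would reject."""
    rejected = []
    for mac, ip in observed:
        verdict = classify(mac, ip, reserved)
        if verdict == "ok":
            continue
        if verdict == "unlisted-client" and not allowlist_only:
            continue  # binding-style model: pair conflicts with no reservation
        rejected.append((norm(mac), ip, verdict))
    return rejected

if __name__ == "__main__":
    for strict in (False, True):
        print("allowlist_only =", strict, audit(OBSERVED, RESERVED, strict))
```

With `allowlist_only=False` the unlisted client on a dynamic lease passes, which matches the behaviour reported in the original post; only the strict mode rejects it.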
