IP/MAC Binding
Subject: Limiting Client Connections on the Wi-Fi Network
I am reaching out to seek your expertise regarding an issue with limiting client connections on one of our Wi-Fi networks. Here are the details of the situation:
- Hardware used: Wi-Fi access points managed by a VPN100.
- Network topology: a VLAN dedicated to the Wi-Fi network, with a DHCP server operating via a tunnel.
Issue Encountered
To restrict client connections, I enabled the IP/MAC Binding feature on the VLAN, expecting the router/firewall to automatically block communications from clients without a reserved IP address. However, during testing, I observed that:
- Unauthorized clients continue to receive an IP address from the DHCP server.
- These clients can still communicate freely on the VLAN despite the IP/MAC Binding being enabled.
I am wondering if this behavior is due to a missing or incorrect configuration, or if the implemented solution requires specific adjustments. Do you have any recommendations for effectively isolating unauthorized clients or enforcing strict IP/MAC Binding?
All Replies
-
Have you enabled IP/MAC Binding and DHCP Enforcement?
so if a Unauthorized client find the MAC of authorized MAC and clone it they are allowed
Or any new client and MAC is allowed by IP/MAC Binding because the reserved IP/MAC list is not a only allow these to connect.
So you would need a switch to do MAC limiting but really if they have the Wifi password thats why they are allowed in the first place or you can have other SSID password on another VLAN.
0 -
The DHCP is enabled on the VLAN, and the settings are correctly configured. This network is designed for mobile devices. However, a persistent issue arises from the latest versions of Android, which allow connection sharing via QR codes, making access control challenging and particularly frustrating.
I also noticed that the access points’ settings offer the possibility of authenticating MAC addresses via Active Directory. This might be a potential solution to strengthen connection control.
I am available to provide further details about the configuration or the tests conducted so far. Thank you in advance for your assistance.
0 -
Hi @CCVO
To better control which devices can connect to your SSID, we recommend configuring MAC Authentication directly on your access points. This ensures that only devices with approved MAC addresses are allowed to connect, providing a more reliable access control mechanism.
You can follow this step-by-step guide for setting up MAC Authentication:
[AP Controller] Setting Up MAC Authentication on Wireless Network — Zyxel Community
Kay
See how you've made an impact in Zyxel Community this year!
0 -
Merci
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight