Configuring MAC Filtering on Meru Controller.
KB ARTICLE TYPE: Configuration
RELATED PRODUCTS: Controller, AP
RELATED SOFTWARE VERSIONS: N/A
KEYWORDS: Controller, AP, MAC filtering
Permit ACL : It limits access to only those MAC addresses on the permit list
Deny ACL : specifically disallows access to those addresses (clients) on the deny list
For Controller ACL administration, the valid states are:
Disabled (default) : Both the permit and deny ACLs are inactive, even if they contain MAC addresses
Permit : Permit is enabled and deny ACL (if it exists) is disabled
Deny : Deny ACL is enabled and permit ACL (if it exists) is disabled
CONFIGURATION STEPS: Enabling the Deny ACL
GUI Steps : It can be configured from GUI by navigating through these TABs.
GUI > Configuration > MAC Filtering > ACL Deny Access Configuration > Click on Add > Add the MAC address > Click on ACL environment state after entering all the MAC addresses > Select Deny List Enabled > Click OK.
CLI Steps :
STEP 1 : MAC filtering is disabled by default. To change the state of MAC filtering so that the deny list is enabled, use the command:
meru(config)# access-list state deny
This can be verified by issuing following command:
meru# show access-list state
MAC Filtering (ACL) Configuration
ACL Environment State : deny
RADIUS Profile name :
Secondary RADIUS Profile Name :
meru#
Note : This step should be performed before adding MAC addresses
STEP 2 : Configuring a Deny ACL : Addresses can be added to a deny ACL list by specifying them as command arguments. To add one or more MAC addresses to the deny access control list, type the following:
meru(config)# access-list deny 00:44:94:51:ca:2f
meru(config)# exit
meru#
Click on the Save button to save the running configuration to the start-up configuration.
TEST RESULTS: Only the added client was unable to connect to the network.
LIMITATIONS IF ANY: Either “Permit” or “Deny” ACL can be configured at a time but not both.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.