Configure MAC Access Control

You can configure the MAC access control lists to allow or deny wireless client connections based on the MAC addresses of the client devices. You can configure a list of denied and allowed MAC addresses in the Gateway Wireless Controller. Then, you can configure each SSID to use one of these lists to control wireless client access to your network.

The maximum number of denied and allowed MAC addresses is 256. We recommend that you limit the total number of denied and allowed MAC addresses to 50 addresses to avoid performance issues.

There are two types of MAC access control lists:

Denied MAC Addresses

To make sure certain wireless clients cannot connect to your AP device, you can add the MAC addresses of those wireless clients to the Denied MAC Addresses list. If you configure an SSID to use the Denied MAC Addresses list, any wireless clients with MAC addresses that are on this list are not allowed to connect to that SSID.

Allowed MAC Addresses

To enable certain wireless clients to connect to your AP device, you can add the MAC addresses those wireless clients to the Allowed MAC Addresses list. If you configure an SSID to use the Allowed MAC Addresses list, only wireless clients with MAC addresses that are on this list can connect to that SSID.

Edit the MAC Access Control Lists

To configure the denied and allowed MAC address lists:

  1. Select Network > Gateway Wireless Controller.
    The Gateway Wireless Controller page appears.
  2. Select the Settings tab.
    The MAC Access Control settings appear at the bottom.

Screen shot of the MAC Access Control tab

To add denied MAC addresses:

  1. In the Denied MAC Addresses section, click Add.
    The MAC Address dialog box appears.

Screen shot of the MAC Address dialog box

  1. In the MAC address text box, type the MAC address of a wireless client that you want to deny access to your AP devices.
  2. (Optional) In the Name text box, type a descriptive name to identify the wireless client in the list.
  3. Click Add.
    The MAC address is added to the Denied MAC Addresses list.

To add allowed MAC addresses:

  1. In the Allowed MAC Addresses list section, click Add.
  2. In the MAC address text box, type the MAC address of a wireless client that you want to allow access to your AP devices.
  3. (Optional) In the Name text box, type a descriptive name to identify the wireless client in the list.
  4. Click OK.
    The MAC address is added to the Allowed MAC Addresses list.

To delete a MAC address from either list, select the MAC address and click Remove.

Enable an SSID to Use MAC Access Control

To configure an SSID to deny access based on the MAC Access Control settings, you must enable MAC Access Control in the SSID settings.

From the Gateway Wireless Controller:

  1. On the SSIDs tab, select an SSID.
  2. Click Edit.
  3. Select the Use the MAC Access Control list defined in the Gateway Wireless Controller Settings check box.
  4. From the drop-down list, select a list: Denied MAC Addresses or Allowed MAC Addresses.
  5. Save the configuration file to the XTM device.

After you enable MAC Access Control for an SSID, the AP device uses the selected MAC Access Control list to determine whether to allow wireless clients to connect to that SSID.

See Also

Configure WatchGuard AP Device SSIDs

Configure Gateway Wireless Controller Settings

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base