modified on 9 March 2009 at 21:41 ••• 10,223 views

MAC ACL Editing

From Ubiquiti Wiki

Jump to: navigation, search

Contents

MAC Access Control List (ACL) Management

Author: Skyhook 28 February 2009
Contents: How to configure MAC ACL in AirOS
Remark: Tested on AirOS version 3.3.1 (applicable for AP and AP WDS modes only)

Introduction

MAC Access Control List (ACL) provides ability to allow or deny certain clients to connect to the AP (applicable for AP and AP WDS modes only). This is useful to manage wireless network topology, load balancing associated stations to APs with same SSID, but is the weakest security approach. WEP (not recommended, very poor), WPA™ or WPA2™ security methods shoud be used when possible.
Note: MAC Access Control List is avaible only if AirOS device is running in AP/AP-WDS mode.

As detailed in AirOS Wireless Security, there are two ways to set the Access Control List:

  • MAC ACL Policy Allow: only wireless devices in the list will have granted access to the Access Point while the access will be denied for all the remaining
  • MAC ACL Policy Deny: all wireless devices in the list will have denied access to the Access Point while the access will be granted for all the remaining clients.

Configuring via WEB GUI

Login into AirOS WEB User Interface, go to LINK SETUP Tab:

  • In MAC ACL Section, check Enabled
  • Select Allow or Deny policy
  • Add/Remove MACs to/from list (be careful!!!)
  • Click Change button to confirm new configuration
  • Click Apply button to apply changes
  • Wait until process is complete


Add more then 16 MACs in ACL (Manual editing)

AirOS WEB User Interface manage up to 16 MAC Address.
If you need more then 16 MACs, a workaround is to add MACs manual editing configuration file.


  • Download configuration file
  • Open configuration file whit text editor supporting Linux/Unix format and manually add additional lines of MAC filtering: 
...
wireless.1.mac_acl.17.mac=XX:XX:XX:XX:XX:XX
wireless.1.mac_acl.17.status=enabled
wireless.1.mac_acl.18.mac=XX:XX:XX:XX:XX:XX
wireless.1.mac_acl.18.status=enabled
wireless.1.mac_acl.19.mac=XX:XX:XX:XX:XX:XX
wireless.1.mac_acl.19.status=enabled
wireless.1.mac_acl.20.mac=XX:XX:XX:XX:XX:XX
wireless.1.mac_acl.20.status=enabled
...
  • Upload edited configuration file
  • Apply new configuration


Note: set status as:

  • enabled = allow
  • disabled = deny


The AirOS WEB GUI always show only first 16 MACs, but if the configuration file are correctly edited, it work fine.

Retrieved from "http://wiki.ubnt.com/MAC_ACL_Editing"