Chapter 6 Deploying Wireless Networks for FortiOS 5.0 : Configuring a WiFi LAN : Defining a wireless network interface (SSID) : Adding a MAC filter
  
Adding a MAC filter
On each SSID, you can create a MAC address filter list to either permit or exclude a list of clients identified by their MAC addresses.
This is actually not as secure as it appears. Someone seeking unauthorized access to your network can obtain MAC addresses from wireless traffic and use them to impersonate legitimate users. A MAC filter list should only be used in conjunction with other security measures such as encryption.
To configure a MAC filter - web-based manager
1. Go to WiFi Controller > WiFi Network > SSID and edit your SSID entry.
2. In the DHCP Server section, expand Advanced.
3. In MAC Address Access Control List, select Create New.
4. Enter a MAC address In the MAC field.
5. Double-click in IP or Action, and do one of:
Select Reserve IP and enter the IP address to assign to this MAC address.
Select Assign IP. This MAC address will be assigned an IP address automatically.
Select Block. This MAC address will not be assigned an IP address.
6. Double-click in the Unknown MAC Addresses line and select Assign IP or Block, as needed.
By default, unlisted MAC addresses are assigned an IP address automatically.
7. Repeat steps 3 through 6 for each additional MAC address that you want to add.
8. Select OK.
To configure a MAC filter - CLI
1. Enter
config system dhcp server
show
2. Find the entry where interface is your WiFi interface. Edit that entry and configure the MAC filter. In this example, the MAC address 11:11:11:11:11:11will be excluded. Unlisted MAC addresses will be assigned an IP address automatically.
edit 3
config reserved-address
edit 1
set action block
set mac 11:11:11:11:11:11
end
set mac-acl-default-action assign
end