Controlling access with a MAC Address Access Control List
A MAC Address Access Control List (ACL) allows or blocks access on a network interface that includes a DHCP server. If the interface does not use DHCP, or if you want to limit network access to a larger group such as employee devices, it is better to create a device group and specify that group in your security policies.
A MAC Address ACL functions as either a list of blocked devices or a list of allowed devices. This is determined by the Unknown MAC Address entry.
By default, the ACL is a list of blocked devices. The Unknown MAC Address entry Action is Assign IP. You add an entry for each MAC address that you want to block and set its Action to Block.
If you want the ACL to allow only a limited set of devices, you set the Unknown MAC Address entry to Block. Then, add the MAC address of each allowed device. Set Action to Assign IP. Optionally, you can set Action to Reserve and enter the IP address that will always be assigned to the device.
To create a MAC Address ACL to allow only specific devices
1. Go to the SSID or network interface configuration.
2. In the DHCP Server section, expand Advanced.
DHCP Server must be enabled.
3. In MAC Reservation + Access Control, select Create New and enter an allowed device’s MAC Address.
4. In the IP or Action column, select one of:
Assign IP — device is assigned an IP address from the DHCP server address range.
Reserve IP — device is assigned the IP address that you specify.
5. Repeat Steps 3 and 4 for each additional MAC address entry.
6. Set the Unknown MAC Address entry IP or Action to Block.
7. Select OK.
To create a MAC Address ACL to block specific devices
1. Go to the SSID or network interface configuration.
2. In the DHCP Server section, expand Advanced.
DHCP Server must be enabled.
3. In MAC Reservation + Access Control, select Create New and enter a blocked device’s MAC Address.
4. In the IP or Action column, select Block.
5. Repeat Steps 3 and 4 for each additional MAC address entry.
6. Set the Unknown MAC Address entry IP or Action to Assign IP.
7. Select OK.
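
The two procedures above differ only in the Unknown MAC Address action. The following Python model of that decision is an added example, not FortiOS code. The class and function names, the warning checks and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

ASSIGN, RESERVE, BLOCK = "Assign IP", "Reserve IP", "Block"

def normalize_mac(mac):
    """Accept 00:1A:2B:3C:4D:5E, 00-1a-2b-3c-4d-5e or 001a.2b3c.4d5e."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class MacAcl:
    """Model only: one action per MAC, plus the Unknown MAC Address action."""
    def __init__(self, unknown_action, entries):
        if unknown_action not in (ASSIGN, BLOCK):
            raise ValueError("Unknown MAC Address must be Assign IP or Block")
        self.unknown_action = unknown_action
        self.entries, self.warnings, reserved = {}, [], {}
        for mac, action, ip in entries:
            key = normalize_mac(mac)
            if action == RESERVE:
                ip = str(ipaddress.ip_address(ip))  # rejects malformed addresses
                if ip in reserved:
                    self.warnings.append(f"{ip} reserved for {reserved[ip]} and {key}")
                reserved[ip] = key
            elif action == unknown_action:
                # Same outcome as an unlisted device: the entry changes nothing.
                self.warnings.append(f"{key}: entry matches the Unknown action")
            self.entries[key] = (action, ip)

    def mode(self):
        return "allowed devices" if self.unknown_action == BLOCK else "blocked devices"

    def decide(self, mac):
        """Return (action, reserved_ip) for a DHCP client's MAC address."""
        return self.entries.get(normalize_mac(mac), (self.unknown_action, None))

# Constructed sample data (documentation-range IP, made-up MAC addresses).
ALLOW_ONLY = MacAcl(BLOCK, [
    ("00:1A:2B:3C:4D:5E", ASSIGN, None),
    ("00-1a-2b-3c-4d-5f", RESERVE, "192.0.2.10"),
])
BLOCK_SOME = MacAcl(ASSIGN, [
    ("001a.2b3c.4d60", BLOCK, None),
    ("00:1A:2B:3C:4D:61", ASSIGN, None),  # redundant: same as Unknown
])

if __name__ == "__main__":
    for acl in (ALLOW_ONLY, BLOCK_SOME):
        print(acl.mode(), acl.decide("00:1a:2b:3c:4d:60"), acl.warnings)
```

The same MAC address, 00:1a:2b:3c:4d:60, is blocked by both sample lists: in the first because it is unlisted and Unknown is Block, in the second because it has its own Block entry.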