Per SSID MAC Filtering

Submitted by -
Status: Implemented

I would like to see per SSID MAC filtering (Allow all, whitelist, blacklist etc), I realise MAC filtering provides a limited amount of security however it is an important tool in a layered security approach.

Ideally this could be implemented per SSID so that you can run a whitelist (allow only listed MACs) on the corporate network, and allow all (potentially with blacklist) on a guest network.

 

 

Duplicates:
http://community.ubnt.com/t5/UniFi-Feature-Requests/MAC-address-Whitelist/idi-p/1174586
http://community.ubnt.com/t5/ideas/v2/ideapage/blog-id/UniFi_Ideas/article-id/20
http://community.ubnt.com/t5/ideas/v2/ideapage/blog-id/UniFi_Ideas/article-id/270
http://community.ubnt.com/t5/ideas/v2/ideapage/blog-id/UniFi_Ideas/article-id/331
http://community.ubnt.com/t5/ideas/v2/ideapage/blog-id/UniFi_Ideas/article-id/1100
http://community.ubnt.com/t5/ideas/v2/ideapage/blog-id/UniFi_Ideas/article-id/1583
http://community.ubnt.com/t5/ideas/v2/ideapage/blog-id/UniFi_Ideas/article-id/1600
http://community.ubnt.com/t5/ideas/v2/ideapage/blog-id/UniFi_Ideas/article-id/2065
http://community.ubnt.com/t5/ideas/v2/ideapage/blog-id/UniFi_Ideas/article-id/1643
http://community.ubnt.com/t5/ideas/v2/ideapage/blog-id/UniFi_Ideas/article-id/1140
http://community.ubnt.com/t5/ideas/v2/ideapage/blog-id/UniFi_Ideas/article-id/1963
http://community.ubnt.com/t5/ideas/v2/ideapage/blog-id/UniFi_Ideas/article-id/141
http://community.ubnt.com/t5/ideas/v2/ideapage/blog-id/UniFi_Ideas/article-id/2206
http://community.ubnt.com/t5/ideas/v2/ideapage/blog-id/UniFi_Ideas/article-id/1579
http://community.ubnt.com/t5/ideas/v2/ideapage/blog-id/UniFi_Ideas/article-id/2168

Comments
by
on ‎04-28-2016 06:21 AM

Thanks for the update Brandon. Looking forward to 802.1X on the UAPs!

by Ubiquiti Employee
on ‎04-28-2016 06:23 AM

So 802.1x already works on the UAPs.  And 802.1x dynamic VLAN works in Beta on the UAPs.

by
on ‎04-28-2016 06:34 AM

So I'm using 802.1x with WPA2 and AES encryption now, I was hoping to use 802.1x without encryption so I can do Radius Mac Authentication. Is that in the plans for this feature request?

by Ubiquiti Employee
‎04-28-2016 06:35 AM - edited ‎04-28-2016 06:36 AM

Yes, captive-portal-based 802.1x is in the plans.  But not definitive date yet.  We could then do Radius MAC authentication as well then.

by
on ‎04-30-2016 03:29 AM

Agreed!

 

Kinda surprised that it wasn't a feature/function of the AP already...

by Ubiquiti Employee
on ‎05-01-2016 09:37 AM

Yep, we'll get there.  Should be out in coming months.

by
on ‎05-02-2016 01:38 PM

VERY badly needed!!!!

by
on ‎05-03-2016 08:25 AM

So finally a solution for our MAC filtering woes? 

by
on ‎05-04-2016 06:56 AM
If implemented, it should be band-specific MAC filtering, not global.
by Ubiquiti Employee
on ‎05-04-2016 07:28 AM

So we're working towards application per SSID.  So is this sufficient?  If you want to be band specific you could then just put different SSIDs on each band.

 

That work?