Previous Employee
Posts: 7,521
Registered: ‎03-17-2015
Kudos: 4837
Solutions: 197

Re: MAC filtering on UniFi

Yes, we will be adding MAC filtering. Very approximate ETA right now is about 2 months - so perhaps July/August.

Cheers,

Brandon

Want to try out new features or fixes before they're released as Stable? Sign up for Beta here: https://help.ubnt.com/hc/en-us/articles/204908664-How-To-Signup-for-Beta-Access
Member
Posts: 108
Registered: ‎02-03-2016
Kudos: 13
Solutions: 2

Re: MAC filtering on UniFi

No, now it's too late, MAC-filter is so 1999, now we don't want it anymore, nananananana

Will we be able to whitelist a device MAC address per AP basis and channel (BSSID) or just per SSID basis, or how will it be implemented?

I am trying to ask if we are going to be able to use the MAC filter to connect non-mobile devices (like Chromecasts, Apple TVs) to a specific AP on a specific channel (while using one SSID for the entire network).

Member
Posts: 150
Registered: ‎06-08-2014
Kudos: 52
Solutions: 4

Re: MAC filtering on UniFi

More options are always good. On the other hand, Ubiquiti has an obligation to help provide herd immunity.

If Ubiquiti does provide this option, I hope that it has a strong warning when using it, especially when open security is used, or else people will start to use it as a primary security mechanism (i.e., open network with MAC filtering).

I often hear the argument by paid IT experts that it's OK, since it's a small business. When they do get compromised, the first thing the same people do is often blame the equipment (I've seen it lots of times). Also, often, the same users end up with customer details stolen, or as part of a botnet. Then it's not negligence, but the hackers' fault.

So yes to adding this, but put a warning, and ensure that people know that it can be bypassed (even make it part of the FAQ). This way, it ensures that if people deploy it wrong, they are held responsible, and there can be no excuses that they didn't know.

But seriously, people here in small businesses who don't want to use WPA Enterprise, as an alternative, should be using separate SSIDs for every user instead (and just delete the SSID when the employee leaves). That's easy to deploy, and at least offers some security, and will be sufficient on a small network.

Member
Posts: 108
Registered: ‎02-03-2016
Kudos: 13
Solutions: 2

Re: MAC filtering on UniFi

I doubt any other brand uses a warning like that. I have never seen them in any home-environment APs/routers or in the wireless modem you get from your ISP, not even in the manuals, so why would UBNT create a warning like that?

Would they also have to create a warning then for when you select to configure an open network in the first place?

It is more practical to update the password on small business wireless networks in case of some events instead of messing with the SSID names.

SuperUser
Posts: 9,534
Registered: ‎01-10-2012
Kudos: 6094
Solutions: 387

Re: MAC filtering on UniFi


@The100 wrote:

I am trying to ask if we are going to be able to use the MAC filter to connect non-mobile devices (like Chromecasts, Apple TVs) to a specific AP on a specific channel (while using one SSID for the entire network).

Check out the RADIUS controlled VLAN thread in the Beta forum...

When you receive a solution to your question/issue, don't forget to mark your thread as solved and to give kudos to the people who have helped you out!

Having wifi problems? Take a look here first: https://help.ubnt.com/hc/en-us/articles/221029967-UniFi-Debugging-Intermittent-Connectivity-Issues-on-your-UAP
New Member
Posts: 2
Registered: ‎06-17-2016

Re: MAC filtering on UniFi

I need that option, it's very important in my business. We have two AP without RADIUS. I was amazed when I discovered I didn't have that possibility...

Previous Employee
Posts: 7,521
Registered: ‎03-17-2015
Kudos: 4837
Solutions: 197

Re: MAC filtering on UniFi

What does 'We have two AP without RADIUS' mean?
New Member
Posts: 2
Registered: ‎06-17-2016

Re: MAC filtering on UniFi


I wanted to say "I haven't RADIUS servers configured for use with the APs".

I have configured the AP with WPA-PERSONAL security only and I need to filter by MAC because the users know the password and connect personal mobiles, etc. I can only block the devices too late, when the device is connected.

Previous Employee
Posts: 7,521
Registered: ‎03-17-2015
Kudos: 4837
Solutions: 197

Re: MAC filtering on UniFi

Got it. So we're actually adding FreeRADIUS to the USG (it's actually there as of 5.0.6+, just disabled) to help with this and will allow user config via the UniFi GUI say in next month or two.

Further we are implementing this whitelist/blacklist. So you'll actually be able to easily do both not too long from now. I'd say 2 months.
Member
Posts: 108
Registered: ‎02-03-2016
Kudos: 13
Solutions: 2

Re: MAC filtering on UniFi

Whitelist/blacklist on APs or USG?

P.S. I didn't understand what I should check out about that RADIUS thread before, may have missed something ^^ (also will never use it anyway)

New Member
Posts: 7
Registered: ‎02-27-2016
Kudos: 5

Re: MAC filtering on UniFi

Yeah, I think you're really punting this problem and integrating it into your USG product. It doesn't meet the original requirement, which was to add MAC filtering to the AP, not make it so that the AP uses functionality of an external system/device. Not everyone has APs in a complete Enterprise Authentication system in place such as RADIUS, etc.

Previous Employee
Posts: 7,521
Registered: ‎03-17-2015
Kudos: 4837
Solutions: 197

Re: MAC filtering on UniFi


@allbro wrote:

Yeah, I think you're really punting this problem and integrating it into your USG product. It doesn't meet the original requirement, which was to add MAC filtering to the AP, not make it so that the AP uses functionality of an external system/device. Not everyone has APs in a complete Enterprise Authentication system in place such as RADIUS, etc.

So we're implementing MAC whitelist/blacklist in the APs themselves - no USG required.

We're also integrating (as a separate effort) FreeRADIUS directly on the USG so that users can more readily/easily do RADIUS authentication, RADIUS VLAN (on APs and Switches), and RADIUS-auth remote user VPN.

It even allows direct integration of LDAP to UniFi for say remote user VPN.

New Member
Posts: 7
Registered: ‎02-27-2016
Kudos: 5

Re: MAC filtering on UniFi

That's awesome and good to know. I must have misread your post then. Thanks for clarifying and also taking on this requirement.

Previous Employee
Posts: 7,521
Registered: ‎03-17-2015
Kudos: 4837
Solutions: 197

Re: MAC filtering on UniFi

Our pleasure.  We think both will have use for different sizes of installs/etc.

Member
Posts: 108
Registered: ‎02-03-2016
Kudos: 13
Solutions: 2

Re: MAC filtering on UniFi

So.. so.. so... happy, finally can also use UniFi for paying home users. A little more work to keep track of the whitelists/blacklists, but for home-user environments this will work great. It will let me double the APs in home-user environments from 2 to 4 if I can work with a blacklist/whitelist. I have had so many issues with dumb devices connecting to far-away APs (unstable/slow connections). I had to give up quickly using UniFi in a lot of home-user environments. Finally an excuse to buy Cloud Keys ^^

Established Member
Posts: 1,302
Registered: ‎05-28-2016
Kudos: 629
Solutions: 50

Re: MAC filtering on UniFi


@UBNT-Brandon wrote:
Got it. So we're actually adding FreeRADIUS to the USG (it's actually there as of 5.0.6+, just disabled) to help with this and will allow user config via the UniFi GUI say in next month or two.

Further we are implementing this whitelist/blacklist. So you'll actually be able to easily do both not too long from now. I'd say 2 months.

Bloody awesome! Thanks, that means I can stop messing with my Synology RADIUS / RADIUS server on MikroTik etc. Can't wait!

I am not an expert and don't play one on TV.
Don't forget RTFM https://www.ubnt.com/downloads/guides/UniFi/UniFi_Controller_V5_UG.pdf it really is impressive documentation.
Previous Employee
Posts: 7,521
Registered: ‎03-17-2015
Kudos: 4837
Solutions: 197

Re: MAC filtering on UniFi

Thanks for the feedback @scyto. So to make sure we're not missing it, could you share the main fields you'd want to be able to edit for FreeRADIUS?

We're thinking user management (adding/removing users, control over usernames/passwords) is most important for first release, while also allowing assigning Dynamic VLAN to these users as well, also for the first release.

Thoughts?
SuperUser
Posts: 9,534
Registered: ‎01-10-2012
Kudos: 6094
Solutions: 387

Re: MAC filtering on UniFi


@UBNT-Brandon wrote:

Thoughts?

Don't release a built-in FreeRADIUS server unless it will support the new Dynamic VLAN firmware.

I don't think it would be pretty.

Just saying

Established Member
Posts: 1,302
Registered: ‎05-28-2016
Kudos: 629
Solutions: 50

Re: MAC filtering on UniFi

Agree with EricE, I only want it to support the dynamic VLAN feature.

It should support 3rd-party LDAP and AD along with the ability to define local accounts (not sure if that means LDAP server or not on the UniFi)

Previous Employee
Posts: 7,521
Registered: ‎03-17-2015
Kudos: 4837
Solutions: 197

Re: MAC filtering on UniFi

So yes I mentioned above it would support adding dynamic VLAN entries.

Yes, we're thinking LDAP for the second release.