Reply
Ubiquiti Employee
Posts: 7,521
Registered: ‎03-17-2015
Kudos: 4836
Solutions: 197

Re: MAC filtering on UniFi

Also, what won't be pretty?
Want to try out new features or fixes before they're released as Stable? Sign up for Beta here: https://help.ubnt.com/hc/en-us/articles/204908664-How-To-Signup-for-Beta-Access
Veteran Member
Posts: 4,725
Registered: ‎03-11-2013
Kudos: 1472
Solutions: 88

Re: MAC filtering on UniFi

@UBNT-Brandon

 

You might find this informative - Univention FreeRadius App

 

It works in schools

New Member
Posts: 32
Registered: ‎04-21-2014
Kudos: 10

Re: MAC filtering on UniFi

For people without USG will FreeRADIUS also be integrated in te Cloud key.

 

Having one place to create users and then determen wich site(s)(and vlan) they have access to is wat i'm looking for.

 

 

 

 

SuperUser
Posts: 9,419
Registered: ‎01-10-2012
Kudos: 5847
Solutions: 385

Re: MAC filtering on UniFi

[ Edited ]

@UBNT-Brandon wrote:
Also, what won't be pretty?

Really?  You don't think negative reaction would be strong - recently added RADIUS controlled VLAN support, add a RADIUS server and it doesn't support it?  I realize you might assume that RAIDUS for hotspot is more of the demand for RADIUS but I wonder if there might be more people who would use RADIUS for wifi (WPA Enterprise) and/or RAIDUS controlled VLANS if it was more integrated with Unifi.

 

Also I just realized you said adding to the USG - that's disappointing.  I would hope it would be added to the controller unless the cloud key just can't hack it, which is still a crappy reason to do it on the USG vs the controller but I kind of understand it a little more.  Or making it work on OSX or Windows.  OK, I think I get more why you guys were thinking USG - you control it.  Maybe an option for only the Linux controller then?  Because a few of my sites have no use for the USG - unless you deliver the USG passthrough/monitor mode  Icon Wink

 

Speaking of integration, integration with Active Directory - even if it's CLI at first, would be pretty crucial for non-Hotspot use.  If that does delay the RADIUS VLAN support, then please just come out and say it  CoolgleamA

When you receive a solution to your question/issue, don't forget to mark your thread as solved and to give kudo's to the people who have helped you out!

Having wifi problems? Take a look here first: https://help.ubnt.com/hc/en-us/articles/221029967-UniFi-Debugging-Intermittent-Connectivity-Issues-on-your-UAP
Ubiquiti Employee
Posts: 7,521
Registered: ‎03-17-2015
Kudos: 4836
Solutions: 197

Re: MAC filtering on UniFi

So as I said above the first release will support Radius VLAN.

Want to try out new features or fixes before they're released as Stable? Sign up for Beta here: https://help.ubnt.com/hc/en-us/articles/204908664-How-To-Signup-for-Beta-Access
Ubiquiti Employee
Posts: 7,521
Registered: ‎03-17-2015
Kudos: 4836
Solutions: 197

Re: MAC filtering on UniFi

So the USG and UCK both have FreeRADIUS 2 installed now.  We will likely focus on the USG, but already have FreeRADIUS running on the UCK as well.

 

Also, please read my posts.  I keep writing details which are not read, and then there's argument for features I've already written will be coming.  Please stop.

Want to try out new features or fixes before they're released as Stable? Sign up for Beta here: https://help.ubnt.com/hc/en-us/articles/204908664-How-To-Signup-for-Beta-Access
Ubiquiti Employee
Posts: 7,521
Registered: ‎03-17-2015
Kudos: 4836
Solutions: 197

Re: MAC filtering on UniFi

Also, active directory is supported, yes.  Right now you have to do it via the CLI.  Also, radius username and radius VLAN can be shown per user now in V5 - you just have to enable these custom columns.

 

I'll have to check with @UBNT-KM on whether the current UCK firmware has FreeRadius default installed.  The current USG and USG-Pro-4 both do - so feel free to set these up and interface them to the controller as you would a standard radius server.

 

@UBNT-KM can provide details for enabling the radius server.

Want to try out new features or fixes before they're released as Stable? Sign up for Beta here: https://help.ubnt.com/hc/en-us/articles/204908664-How-To-Signup-for-Beta-Access
SuperUser
Posts: 9,419
Registered: ‎01-10-2012
Kudos: 5847
Solutions: 385

Re: MAC filtering on UniFi

Thanks for the clarification @UBNT-Brandon - awesome news!  

 

I'm really looking forward to the way Unifi is maturing - features like integrated RADIUS server is a nice, unexpected surprise.  Good stuff!

When you receive a solution to your question/issue, don't forget to mark your thread as solved and to give kudo's to the people who have helped you out!

Having wifi problems? Take a look here first: https://help.ubnt.com/hc/en-us/articles/221029967-UniFi-Debugging-Intermittent-Connectivity-Issues-on-your-UAP
Ubiquiti Employee
Posts: 7,521
Registered: ‎03-17-2015
Kudos: 4836
Solutions: 197

Re: MAC filtering on UniFi

For those that want to try out the current radius server pre-installed on the UCK and USG you can enable it with:

systemctl enable freeradius.service

 

And to stop it:

systemctl start freeradius.service

 

This isn't really tested yet, so please do backup any radius settings you enter before doing any cloudkey or controller upgrades.

 

BR,

BRandon

Want to try out new features or fixes before they're released as Stable? Sign up for Beta here: https://help.ubnt.com/hc/en-us/articles/204908664-How-To-Signup-for-Beta-Access
Ubiquiti Employee
Posts: 485
Registered: ‎01-18-2011
Kudos: 189
Solutions: 26

Re: MAC filtering on UniFi

Hi, all:

 

FreeRADIUS is bundled into UCK firmware since v0.5.0. 

You can use the command provided in @UBNT-Brandon's post to enable it.

If you need LDAP support for FreeRAIUS, you may need freeradius-ldap package as well. (which is not bundled in UCK firmware v.0.5.0)

Please add it by manually by

apt-get install freeradius

 freeradius-ldap will be bundled in next UCK firmware release.

 

-KM

Emerging Member
Posts: 59
Registered: ‎03-16-2016
Kudos: 7
Solutions: 1

Re: MAC filtering on UniFi

[ Edited ]

Hey Everyone,

 

We are using UAP-AC-Outdoor access points on major motion picture productions and we would really need this feature (whitelisting devices based on MAC) to be added as soon as possible, especially because some major studios require us to add every bit of extra security there is.

 

I've read in the thread that the August release might have this.

Since it's August already, is there any new ETA on this?

 

Thanks

 

 

Member
Posts: 108
Registered: ‎02-03-2016
Kudos: 13
Solutions: 2

Re: MAC filtering on UniFi

it should not be used as an added security feature, too easy to clone mac adresses.

lets hope it gets added soon ^^

Emerging Member
Posts: 59
Registered: ‎03-16-2016
Kudos: 7
Solutions: 1

Re: MAC filtering on UniFi

I'm totally aware of that, but any extra click (no matter how simple) someone has to do to get on the network can be reassuring to people and seen as an extra bit of security.

 

Exactly, let's hope it gets added soon. Man Happy

Veteran Member
Posts: 4,725
Registered: ‎03-11-2013
Kudos: 1472
Solutions: 88

Re: MAC filtering on UniFi


@GeorgeZ wrote:

Hey Everyone,

 

We are using UAP-AC-Outdoor access points on major motion picture productions and we would really need this feature (whitelisting devices based on MAC) to be added as soon as possible, especially because some major studios require us to add every bit of extra security there is.

 

I've read in the thread that the August release might have this.

Since it's August already, is there any new ETA on this?

 

 

 


If it is desperate, why not buy products that already have the features you require in the first place?

 

The simplest solution for now, is to employ a RADIUS Server with Active Directory - that will meet your client's requirements.

 

Are you aware that Apple randomises MAC values and Windows devices give you the same option?

 

R+C

 

 

Emerging Member
Posts: 59
Registered: ‎03-16-2016
Kudos: 7
Solutions: 1

Re: MAC filtering on UniFi

[ Edited ]

Thanks .

 

It is not super urgent as we have been using these APs for ages, but we get this request very often and would be great to have it as soon as possible.

As loyal customers, we don't want to switch to anything else either.

 

Thanks but the radius server is not an option for us, we need this in the AP.

 

 

Veteran Member
Posts: 4,725
Registered: ‎03-11-2013
Kudos: 1472
Solutions: 88

Re: MAC filtering on UniFi

[ Edited ]

@GeorgeZ wrote:

Thanks @Uberseehandel.

 

It is not super urgent as we have ben using these APs for ages, but we get this request very often and woudl be great to have ig as soon as possible.

As loyal customers, we don't want to switch to anything else either.

 

Thanks but the radius server is not an option for us, we need this in the AP.

 

 


You make it sound super urgent.

 

As far as AD and a RADIUS server are concerned, how can they NOT be an option, you can even use Azure Active Directory Services, amongst a host of other tools for identity validation on a variety of devices.

 

R+C

Veteran Member
Posts: 4,828
Registered: ‎06-13-2015
Kudos: 1308
Solutions: 228

Re: MAC filtering on UniFi


@Uberseehandel wrote:
......

Are you aware that Apple randomises MAC values and Windows devices give you the same option?

R+C


From experience with a very specific project, I have learnt that the IOS MAC randomisation only takes effect when a device is not associated with an SSID, especially when the device is issuing probe requests. Even still, MAC addresses are not a very reliable data source for security controls if security has a high priority.

Art of WiFi
Check out our UniFi API browser tool on GitHub. The PHP API client which it uses, can be found here on GitHub.
The thread on our UniFi Device Search tool can be found here, also check out our Captive Portal solutions for UniFi.
Ubiquiti Employee
Posts: 7,521
Registered: ‎03-17-2015
Kudos: 4836
Solutions: 197

Re: MAC filtering on UniFi

Hey guys,

 

Our focus on firmware of late has been more on improving stability/peformance so this took a bit of a back seat.

 

We're still on it (and parts of it are complete) but it looks like this will more likely be an 'early-next-year' to get to Beta.

 

BR,

Brandon

Want to try out new features or fixes before they're released as Stable? Sign up for Beta here: https://help.ubnt.com/hc/en-us/articles/204908664-How-To-Signup-for-Beta-Access
New Member
Posts: 2
Registered: ‎07-14-2016

Re: MAC filtering on UniFi

 
Member
Posts: 108
Registered: ‎02-03-2016
Kudos: 13
Solutions: 2

Re: MAC filtering on UniFi

[ Edited ]

question 1:

If a blacklists is ever added is it possible to add a preferred AP option ? So that when you have AP,1 AP2 and  AP3 in your house. The APs force a device with a specific mac adres to connect with AP1 when its above a certain RSSI value. But if AP1 has a bad RSSI value or if AP1 is offline, the device is still able to connect with AP2 or AP3. (or use the values for Minimum RSSI from the conf panel)

 

? i have no idea if these APs talk to each other (or need to) in some way and could allow a blacklisted mac adres if it sees no other APs on the network or if a cloudkey is needed to make this work or whatever Man Happy (:Man Happy (: Man Happy (: Man Happy (:

 

question 2:

would we be able to allow/block a range of mac adres (with wildcards like * or ^ or whatever) for devices that use multiple mac adresses in  a certain range.

Reply