Configuring the MAC filter list for Internal Wireless
Description
Wireless networking provides native MAC filtering capabilities that prevent wireless clients from authenticating and associating with the wireless security appliance. If you enforce MAC filtering on the WLAN, wireless clients must provide you with the MAC address of their wireless networking card. The SonicOS wireless MAC Filter List allows you to configure a list of clients that are allowed or denied access to your wireless network. Without MAC filtering, any wireless client can join your wireless network if they know the SSID and other security parameters, thus allowing them to “break into” your wireless network.
Deployment Considerations :
Consider the following when deploying the MAC Filter List:
The MAC Filter List can be enabled on the Internal Wireless > MAC Filter List page if a virtual access point (VAP) group is not configured. If a VAP group is configured, the MAC Filter function needs to be enabled on the VAP object.
The virtual access point can configure its MAC Filter List or inherit global settings configured on the Internal Wireless > MAC Filter List page.
Resolution for SonicOS 7.X :
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
Log into the SonicWall appliance and follow these instructions to set up your MAC Filter List.
- Click Object in the top navigation menu.
- Navigate to Match Objects | Addresses .
- Click on Address Objects tab.
- Click Add to add new address object
- Enter the following.
- Name: The name of the user whose wireless card MAC address you wish to grant access.
- Zone Assignment: WLAN or an appropriate custom wireless zone.
- Type: MAC
- MAC Address: The MAC address of the user's wireless adapter. Enter a dash between each pair of characters.
EXAMPLE: 00-12-34-56-78-AB.
- Click OK to complete creation of the user's MAC address object.
- Click on the Address Groups tab.
- Click the edit icon next to the Default ACL Allow Group object.
- Select the newly created MAC address object and click the right arrow button to add it as a member of the Default ACL Allow Group
- Click OK.
- Repeat the same procedure with the Default ACL Deny Group for any MAC addresses you wish to explicitly deny access.
NOTE:The Deny List is enforced before the Allow List. - Click Device Tab, Navigate to Internal Wireless | MAC Filter List.
- Check Enable MAC Filter List. Select the Default ACL Allow Group in the Allow List and Select the Default ACL Deny Group in the Deny List.
- Click Accept to complete the process.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Log into the SonicWall appliance and follow these instructions to set up your MAC Filter List.
- Click Manage in the top navigation menu.
- Select Objects | Address Objects.
- Click on Address Objects tab.
- Click Add a new address object button
- Enter the following.
- Name: The name of the user whose wireless card MAC address you wish to grant access.
- Zone Assignment: WLAN or an appropriate custom wireless zone.
- Type: MAC
- MAC Address: The MAC address of the user's wireless adapter. Enter a dash between each pair of characters. EXAMPLE: 00-12-34-56-78-AB.
- Click OK to complete creation of the user's MAC address object.
- Click on Address Groups tab.
- Click the edit icon next to the Default ACL Allow Group object.
- Select the newly created MAC address object and click the right arrow button to add it as a member of the Default ACL Allow Group.
- Click OK.
- Repeat the same procedure with the Default ACL Deny Group for any MAC addresses you wish to explicitly deny access. NOTE:The Deny List is enforced before the Allow List.
- Click Manage Tab, Under Select Wireless | MAC Filter List.
- Check Enable MAC Filter List. Select the Default ACL Allow Group in the Allow List and Select the Default ACL Deny Group in the Deny List.
- Click Apply changes to this page button to complete the process.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
Log into the SonicWall appliance and follow these instructions to set up your MAC Filter List.
SonicOS Enhanced
- Navigate to Network | Address Objects.
- Click Add a new address object button and enter the following.
- Name: The name of the user whose wireless card MAC address you wish to grant access.
- Zone Assignment: WLAN or an appropriate custom wireless zone.
- Type: MAC
- MAC Address: The MAC address of the user's wireless adapter. Enter a dash between each pair of characters. EXAMPLE: 00-12-34-56-78-AB.
- Click OK to complete creation of the user's MAC address object.
- Click Edit icon next to the Default ACL Allow Group object.
- Select the newly created MAC address object and click the right arrow button to add it as a member of the Default ACL Allow Group.
- Click OK.
- Repeat the same procedure with the Default ACL Deny Group for any MAC addresses you wish to explicitly deny access. NOTE: The Deny List is enforced before the Allow List.
- Select Wireless | MAC Filter list.
- Check Enable MAC Filter List.
- Select the Default ACL Allow Group in the Allow List.
- Select the Default ACL Deny Group in the Deny List.
- Click the Apply changes to this page button to complete the process.
SonicOS Standard
- Select Wireless |MAC Filter List.
- Click Add to add a MAC address to the MAC Filter List.
- Select Allow from the action menu to allow access to the WLAN. To deny access, select block.
- Type the MAC address in the MAC address field. Enter a dash between each pair of characters. EXAMPLE: 00-12-34-56-78-AB.
- Type a name or comment in the comment field. The comment field can be used to identify the source of the MAC address.
- Click OK to add the MAC address.
