In a network that only has an MS120-8FP switch and 2 MR46 APs installed, would it be possible to use a group policy to perform MAC filtering or I need a MX64?
I have configured in Wireless -> Firewall & Traffic shaping a rule denying all traffic like in the photo shows.
Is it enough for implementing MAC filtering? This option has not been tested yet, I'll try it tomorrow.
I want to enable a MAC filtering in anyway. I've seen 2 ways:
1. Enable MAB in association but I need a RADIUS server.
2. Configure a 3 Lay rule and apply a group policy but I don't have a MX installed in the network.
I would like to use the second option but I don't know if it is possible without a MX.
To use MAB on wireless a Radius server is required. To use on the LAN segment you can use a allow list on each port:
For a wireless device, you can assign a group policy by device type. And just allow clients that do you want to use the wireless on a different group policy.
I have never tested It before, but I can test and share the results.
I would make the Deny rule for all traffic, not just Local LAN. Then for the clients you want to have access, you would go to Network Wide, Clients, check the box for the client you want to allow access, choose Policy at the top, and add them to the Allow List.
Keep in mind that this method isn't very secure, since MAC addresses can be spoofed.
This topic has some good info on a couple of different approaches and screenshots:
You can use iPSK on the SSID without RADIUS for up to 50 clients.