R510: Import MAC address list and limitations
11-28-2018 05:23 AM
I'm setting up a new R510. I have 126 MAC addresses in the allow list on my old hardware. I can't see how to import that list on the R510. Please tell me I am not going to have to do this one at a time?!
Also, I think I read in passing there is a limit of 128 MAC addresses per allow / deny rule? Given I am starting at 126 and adding new devices regularly, that doesn't bode well for me if correct. Can I create more than one allow list and have it applied against the same wlan?
10 REPLIES
11-28-2018 07:39 AM
Hi Matt,
Can I ask why you are whitelisting MAC addresses?
As a security method, white/black listing MAC addresses is not considered by the Wi-Fi industry as either a secure or scalable solution and as you are finding is very admin-heavy.
Have you considered any alternative solutions such as 802.1X RADIUS based network access control?
Regarding your new R510, what version of firmware is it running?
Regards,
Darrel.
11-28-2018 08:04 AM
Hi
Thanks for the reply.
I'm simply trying to transpose a setup from an old ZoneDirector 1000. It is set up to use MAC address as a white list for devices given access to the internal network.
I don't really know how to deploy an alternative at this time. I have an AD and two server 2008 DCs to leverage but not clever switch configuration or dedicated auth server (other than the DCs).
Firmware is 200.6.10.1.312
Thanks
Matt
11-28-2018 10:10 AM
I see under Services AAA there is a choice to use Active Directory...
As I run AD perhaps that would be an easy win? I'd lose sight of the devices coming and going (our BYOD is somewhat of a free for all), but I'd be able to drop the MAC address maintenance, lose the list size limitation and get on with my life...
Thoughts?
To others in the same / similar boat: I've had a response from Ruckus confirming the MAC address list limit is 128 and that you can only have one L2/MAC rule per wlan. The workaround would be to define to split out into wlans but that's clearly not ideal, otherwise as per Darrel's post, use a different auth method such as RADIUS.
I'm waiting to hear whether there is a CLI method of importing the MAC addresses given the GUI is not offering an import option.
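Added example, not part of the original posts and not Ruckus tooling: a Python check that can be run over a MAC list exported from the old controller before re-entering it, to normalise formats, drop duplicates and show the headroom against the 128-entry limit mentioned above. The input format (one MAC per line, optional `#` comment) and all function names are assumptions.

```python
import re

MAX_PER_LIST = 128  # per-list limit quoted in the thread

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(raw):
    """Return aa:bb:cc:dd:ee:ff, or None if raw is not a 48-bit MAC."""
    # Accept colon, dash and dotted (0011.22aa.bb03) notations.
    digits = re.sub(r"[:\-.\s]", "", raw.strip().lower())
    if not _HEX12.match(digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit_allow_list(lines, limit=MAX_PER_LIST):
    """Normalise, de-duplicate and size-check an exported allow list."""
    seen, unique, duplicates, invalid = set(), [], [], []
    for lineno, line in enumerate(lines, 1):
        entry = line.split("#", 1)[0].strip()  # drop trailing comment
        if not entry:
            continue
        mac = normalize_mac(entry)
        if mac is None:
            invalid.append((lineno, entry))
        elif mac in seen:
            duplicates.append((lineno, mac))
        else:
            seen.add(mac)
            unique.append(mac)
    return {
        "unique": unique,
        "duplicates": duplicates,
        "invalid": invalid,
        "headroom": limit - len(unique),
        "fits": len(unique) <= limit,
    }


# Constructed sample export, not real device addresses.
SAMPLE = """\
00:11:22:AA:BB:01   # reception laptop
00-11-22-aa-bb-02
0011.22aa.bb03
00:11:22:aa:bb:01   # same device, different case
00:11:22:aa:bb      # truncated entry
""".splitlines()

if __name__ == "__main__":
    report = audit_allow_list(SAMPLE)
    print(len(report["unique"]), "unique,", report["headroom"], "slots left")
```
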
11-28-2018 10:23 AM
Hi Matt,
Apologies, I'd not had a chance to reply to your earlier email.
However you took the words out of my mouth! I was going to advise using 802.1X authentication using your AD server (.1X needs NPS and is much easier to set up than LDAP with AD).
It appears that you are using Unleashed firmware - this supports NPS 802.1X integration.
I'd recommend downloading the Admin guide for Unleashed here: https://support.ruckuswireless.com/documents/2288-ruckus-unleashed-200-6-ga-refresh-user-guide
Thanks,
Darrel.

