Showing results for 
Search instead for 
Did you mean: 

How can I activate L2/MAC Address Access Control list in 1 SSID catering 500+ clients?

New Contributor II
How can I activate L2/MAC Address Access Control list in 1 SSID catering 500+ clients? As per forums and manuals, 1 ACL is just up to 128 MAC addresses.

Contributor III
Howdy, you'll need to set up a radius server. As you noted, your design as it stands is beyond the capacity of the system. 
You may wish to try Cloudpath, that's what my org uses.

Cloudpath is a great idea. Does it affects/consume bandwidth of the internet? as per your experience? 

RUCKUS Team Member
Hi Ryan,

Unfortunately, due to limits in the Radio Chip, you cannot assign more then one L2 ACL per WLAN/SSID so the limit is 128 MAC/Clients

The only option to control access via MAC address is to use MAC authentication which will require an external RADIUS server:

000001847 - mac authentication using radius server
13 Feb 2018

My Support Account ...  mac authentication using radius server Summary ... How to configure MAC authentication with RADIUS ... How to configure MAC authentication using radius server?

000001247 - MAC address filtering compared to MAC authentication
11 Jan 2014

MAC authentication checks the MAC address of the clients against a RADIUS server, and allows connection to MAC that is listed. ... Once authenticated the client traffic is allowed to pass.

Another very good option would be to use the Ruckus DPSK mechanism that assigns a personal PSK key to each user and binds this to a specific client device MAC address

Check the administration guide for the version of ZD/Unleashed code you may be running for details and check out the Knowledge base on support log that has many articles on DPSK usage.

I hope this information is helpful,



New Contributor II
Yeah, radius server will do the trick. But i'm hoping that there's a workaround for the ZD to handle that kind of capacity.

Well, It's not that recommendable on my part as we are cloud based company. The only hardware we have is all network equipment. No physical servers and all cloud servers are handled by the other teams, meaning creating radius server is not on the list of resolution. 🙂