What's new

Mac filtering for IOT network

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

dlukanidin

Occasional Visitor
My config: AX6000 - mesh master, AX86U + AX88U mesh nodes, AC68U - AP for IOT in stand alone building. Why AC68 - because mesh nodes doesn't support new firmware feature Guest Network Pro/IOT network.
Smart devices from stand alone building try to connect to AX6000 with bad signal. To prevent this I create on AX6000 MAC filter to disable such connection. But it doesn't work, if AX6000 start first, smart devices connect to it.
Does anybody know how to prevent such unwanted connections?
 
I found it myself, not a solution but it works for me:
1. nvram show | grep MY_IOT_SSID show for me wl0.1_ssid=MY_IOT_SSID
2. For one smart device

Code:
nvram set wl0.1_macmode=deny
nvram set wl0.1_maclist=XX:XX:XX:XX:XX:XX
nvram set wl0.1_maclist_x='<XX:XX:XX:XX:XX:XX'
nvram commit
service restart_wireless
 
I found it myself, not a solution but it works for me:
1. nvram show | grep MY_IOT_SSID show for me wl0.1_ssid=MY_IOT_SSID
2. For one smart device

Code:
nvram set wl0.1_macmode=deny
nvram set wl0.1_maclist=XX:XX:XX:XX:XX:XX
nvram set wl0.1_maclist_x='<XX:XX:XX:XX:XX:XX'
nvram commit
service restart_wireless
While not a solution I had the same problem if for some reason the router and APs rebooted devices might connect to a non optimal AP so I set my DHCP lease times to 300 minutes and then when the device renews its AP the MAC filter will be active and force the device to connect to the preferred AP.
 
While not a solution I had the same problem if for some reason the router and APs rebooted devices might connect to a non optimal AP so I set my DHCP lease times to 300 minutes and then when the device renews its AP the MAC filter will be active and force the device to connect to the preferred AP.
Renewing a DHCP lease does not disconnect a client from its access point (if that's what you're suggesting).
 
My config: AX6000 - mesh master, AX86U + AX88U mesh nodes, AC68U - AP for IOT in stand alone building. Why AC68 - because mesh nodes doesn't support new firmware feature Guest Network Pro/IOT network.
Smart devices from stand alone building try to connect to AX6000 with bad signal. To prevent this I create on AX6000 MAC filter to disable such connection. But it doesn't work, if AX6000 start first, smart devices connect to it.
Does anybody know how to prevent such unwanted connections?

Adjusting AP and client locations can change how they connect... spread the APs farther apart to reduce signal overlap to give clients a better/obvious signal choice. Once layout is settled, more or less, try incrementing 2.4 Roaming Assistant RSSI threshold from -80 dBM until stationary clients boot to near node. ... maybe you have too many APs in too little area.

OE
 
Adjusting AP and client locations can change how they connect... spread the APs farther apart to reduce signal overlap to give clients a better/obvious signal choice. Once layout is settled, more or less, try incrementing 2.4 Roaming Assistant RSSI threshold from -80 dBM until stationary clients boot to near node. ... maybe you have too many APs in too little area.
All of this may or may not work in normal situation. But I wrote about IOT network created by AX6000. Smart devices does not switch to another standalone AP (not mesh node) with -54dBM and stay connected with -94dBM to AX6000 if it was started first until it will be rebooted. Distance between main router and AP more than 50 meters and they are in different buildings.
 
All of this may or may not work in normal situation. But I wrote about IOT network created by AX6000. Smart devices does not switch to another standalone AP (not mesh node) with -54dBM and stay connected with -94dBM to AX6000 if it was started first until it will be rebooted. Distance between main router and AP more than 50 meters and they are in different buildings.

Roaming Assistant should either work or not work... it usually works at some distance... given your large layout, you should be able to make it work at some distance. You could also use a more localized SSID dedicated to an area's IoT clients... will they ever need to connect to the main router so far away.

Be sure to restart clients to make them reconnect after some change... rebooting just the router is sometimes not enough.

OE
 
The first guest network in both 2.4GHz and 5GHz can be broadcasted to all nodes.
Since these devices use 2.4GHz, you can allocate them the first 2.4GHz guest network, and use the 5GHz guest network for your human guests.
 

Attachments

  • 1699638547147.png
    1699638547147.png
    105.3 KB · Views: 32

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top