I currently use an RT-AC5300 as my main router with two RT-AC67U as AiMesh nodes (wired backhaul). All are running the last 386.14-2 firmware. I use MAC address filtering on my WiFi, both as a defense-in-depth strategy and to ensure I know what devices my family are trying to connect to our home network. I then run a Guest network (5G only) with MAC filtering off and blocked intranet on. The problem I've just encountered is that I've reached some limit within the hardware/firmware on adding more devices to the MAC address filter (at least on 2.4GHz). I get the following error when trying to add a new device:
Please delete unused rule if you want to add new rules.
- AiMesh client binding rule
- MAC filter list
I use AiMesh binding as I have a bunch of dumb IoT devices that won't connect to the AP with the strongest signal, so I force them this way. I'm not sure if I'm reaching some NVRAM limit here; as far as I can tell the NVRAM lists for these two items are mutually exclusive (I believe sta_binding_list for AiMesh and wl0_maclist for the MAC filter on 2.4).
So is there an alternative way to go about this, removing the need to use the built-in MAC filter and instead using scripts or config files? I suspect this can be done with iptables, but that is getting to the edge of my comfort zone, so I would need some advice on how to do that. (I assume drop all MAC addresses on INPUT for the wireless interface, then allow the ones I want?) I have also been looking at YazFi to see if that can work, but I'm unsure if it works with AiMesh, or even if it can help me isolate devices to one AP or move the MAC filtering to a script/config file.
I have a lot of devices, so I'm not thrilled to go and reconnect them all to a new SSID, especially as with Tuya devices that forces a new local key, after which I have to set up all the devices again in Home Assistant. I do use /jffs/configs/dnsmasq.add to bind IoT devices to specific IPs and client names.
So, given all this, I'd appreciate any advice or guidance on how to overcome this limit I've reached while maintaining:
1. Guest 5G WiFi with no MAC filtering, but only WAN access;
2. IoT devices with bound IPs that are blocked to WAN so no phoning home.
3. AI Mesh working for 5G tablets/phones/laptops etc so my family can roam around the house and not lose 5G connection.
4. Control over which devices can connect to my LAN.
Thanks for reading, and any advice you have.
Regards....Rob
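The allowlist idea raised in the post (drop by default on INPUT, accept listed MACs), as an added example that is not part of the original post: it converts an allowlist file into iptables commands and only prints them. The chain name `MACALLOW`, the interface `br0`, the "MAC name" file format and the sample MACs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn a MAC allowlist into iptables commands (printed, not run).
# Assumed names: chain MACALLOW, interface br0, allowlist format "MAC name".

CHAIN="MACALLOW"
IFACE="${IFACE:-br0}"

# Succeeds only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Reads allowlist lines on stdin, writes iptables commands on stdout.
# Invalid entries are reported on stderr and skipped, never turned into rules.
gen_rules() {
    echo "iptables -N $CHAIN"
    while read -r mac name; do
        case "$mac" in ''|'#'*) continue ;; esac   # blank lines and comments
        if ! valid_mac "$mac"; then
            echo "skipping invalid entry: $mac" >&2
            continue
        fi
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
        # RETURN (not ACCEPT) so an allowlisted device is still subject to
        # the rest of the INPUT chain instead of bypassing it.
        echo "iptables -A $CHAIN -m mac --mac-source $mac -j RETURN"
    done
    echo "iptables -A $CHAIN -j DROP"
    echo "iptables -I INPUT -i $IFACE -j $CHAIN"
}

# Constructed sample allowlist (made-up MACs and names).
sample_allowlist() {
    cat <<'EOF'
# mac               name
aa:bb:cc:00:11:22   livingroom-plug
AA:BB:CC:00:11:33   kitchen-tablet
aa:bb:cc:00:11      truncated-entry
EOF
}

sample_allowlist | gen_rules
```

The INPUT chain only sees packets addressed to the router itself (DHCP, DNS, the admin UI), so rules like these do not stop a device from associating with the AP or from talking to other hosts on the same bridge.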