Hello, Is there any way to have specific MAC addresses bypass the built-in captive portal? We're preparing to deploy a voucher-based WiFi solution for a small hotel and we forsee the need to allow guest devices without a web browser, like Chromecasts and game consoles. Is there a spot in cnMaestro to enter a MAC address to allow a device to bypass the captive portal login?
Yes there is, here is how to do it:
Go to your guest WLAN > Configuration > Guest access. Then tick "MAC Authentication Fallback"
Now go to Access control and select "cnMaestro" within the MAC Authentication field. Save your config.
Now go to Configuration > Association ACL. Set the Default Access as Deny and click the add button to add a MAC address. Save and you're done!
Thanks! That should work great.
Sweet, thanks! We had bagged using Maestro as a captive portal solution about a year ago because we couldn't find a way to whitelist devices. This worked. Thanks!
Is this still regarded as the best practice solution for bypassing the captive portal by MAC?
For MAC whitelist, you can use either cnMaestro or RADIUS server or on device MAC ACL.
Thank you for the fast response - would one be able to set rate limits on these whitelisted MACs?
“MAC AUTH Fallback” feature is purely for MAC Authentication implementation via cnMaestro, RADIUS etc…
Please share your deployment scenario, based on requirements, our tech team can recommended solution for the same.
(2023/01/28) Note that if you do this, and you monitor which Vouchers you have issued, the ACL MAC bypass will issue a Voucher to the device. You will have to look in the Client Login Events list to figure out which Voucher ID it consumed.
Does this still work for people? Cambium support are telling me that “As per CAOS Engineering, MAC Authentication fallback works only with RADIUS.”
More details w.r.t options supported for MAC ACL is described in MAC Access Control List / MAC Authentication - Knowledge Base - Cambium Community.
Additional to options mentioned in above URL, cnMaestro based MAC-ACL is supported.