CnMaestro - Block Vendor MAC

Hello guys,

Is it possible to block a MAC vendor to connect to all equipments on my WLAN? I have a client that has MAC randomization enabled and hes using free data beacuse of it. I need to stop it as soon as possible.




I don't think we have an option to prevent association based on OUI list, but have on option using MAC ACL with mask option on WLAN to prevent set of MACs in accessing the network. Soon will share the MAC ACL configuration format. 

By the way do you mind in listing OUI or range of MAC you would like to prevent in accessing the network. Here is my mailing details in case want to unicast communication. 


here is the solution flow.

1. manage all aps from cnMaestro (cloud or on-premises version)

2. on wlan enable mac authentication with the option "cnMaestro" 

3. on cnMaestro define Association ACL under Configuration > Association ACL

4. Keep default action as Allow 

5. Add OUI entry with action as deny like 00-08-22-FF-FF-FF 

6. Save the configuration 

7. From cnMaestro under device Clients -> Unconnected clients we can association is denied with the reason like "Denied by cnmaestro MAC ACL"

The screen capture for

WALN Settings

cnMaesto Association ACL 

Device stats is attached 

I found this working when created MAC Association ACL for Intel OUI "E4:A7:A0", all my intel clients not able to connect but i was able to connect all other clients like apple and etc 

hope this solution meet your requirments


1 Like