How to block WiFi-Clients using cnMaestro Cloud/On-Premises Server?


  When a user associates a wireless client device with an AP that the cloud server is managing, the client device is recorded and tracked. If, for any reason, you need to block a client device from accessing the network, you can do so from the below steps.

A few reasons why you might consider blocking a wireless client device include:

  • Network abuse
  • Violation of acceptable use policy
  • Theft
  • Security compromise


    Follow below steps to block a wireless client and 

  • Manually add the clients MAC addresses in the Association ACL
  • Use the Block option available under the Clients tab after association with AP.


   Manually add the devices MAC addresses in the Association ACL on your Cloud/On-premises server

  • Navigate to Configuration > Association ACL page
  • Click Add to add a MAC under Association ACL
  • If MAC is not configured under the policy (to allow/deny), the default action will be applied.
  • To edit/delete Association ACL, click on the respective icons.
  • You can import Association ACL, by clicking Import.csv button and export using the Export button


                Use the Block option available under the Clients tab after association

  • Navigate to Manage > then, navigate the Device Tree to the appropriate level for AP (client connected AP) > Click on Clients > Wireless Clients > Actions > Click on Block

  • Respective client will get blocked and show up under the Association ACL and you can modify the rule (Access/Deny) accordingly.

Important Note:

  • In-order for the APs to hit the Association ACL lists using both the methods, WLAN profiles must have MAC Authentication as cnMaestro.
    • To configure MAC authentication as cnMaestro:
    • The Association ACL is shared among all Enterprise WLANs, but it must be explicitly mapped to each Enterprise (Shared Settings > WLANs and AP Groups > Click on the WLAN profile that you want to configure).
    • Wireless LAN that uses it (Under Configuration > Access Control > MAC Authentication)


 How it Functions:

  • When a client requests to get connected to an AP
  • The AP sends MAC authentication request along with the client’s MAC and the Customer ID (CID) to the Controller.
    • This is optional and occurs only if MAC ACL is configured for the WLAN on the AP and the policy for the MAC ACL is cnMaestro.
  • Controller checks and responds with an action to allow or deny the request.
  • AP allows or denies the client’s request based on the Controller’s response.


          Both Cloud and On-Premises server supports up to 10,000 MAC entries

1 Like