The MAC bind list allow to restrict a client to get a specific IP address from AP. But, it can not restrict a client in case of manually configured IP address. Moreover, those client whose MAC address is not listed in Bind list automatically received dhcp IP address.Hence, an explicit deny action would restrict this action of assigning IP address to unlisted client device. In that case,any client without entry in MAC bind list will not be able to connect to Wi-Fi either by dhcp IP address or manually configured IP address.
I go through the options and found ,two restrictions on MAC. In one option, onboard DHCP server IP address can be bound to MAC address of mobile devices. In the other option, MAC association with WLAN can be restricted with authentication policy by deny,permit,radius and cnMaestro options. But I have not tested whether the explicit deny statment works in case of any device apart from permitted MAC address and how.Now, I want to know whether we can include same deny statement in onboard DHCP server also which will restrict the DHCP users without configuring in WLAN MAC authentication policy. It will be helpful if anyone can share experience who has already done this configuration.
Just confirmed both features. In case of MAC authentication policy under WLAN, there are four options available as I have mentioned. Any applied authentication policy whether its is permit, deny, radius or cnMaestro always followed by explicit exclusion for the rest without any additional configuration. This impose restriction on joining the Wi-Fi AP. In case of Network , DHCP server option in router mode , MAC bind list can be utilized which ensures same IP address be assgined to a specific user even if it gets IP address from DHCP server each time it connect to Wi-Fi AP.
Sorry,I could not able to reply your query. But , hope you got your solution. Please, note there is difference between Association ACL and MAC ACL .The former is used to allow or deny client to associate with the WLAN facility which in general used on wireless network whereas the later one used to restrict access into your system which could be applied on wired or wireless network after association. If i am wrong request admin to correct me.
I have checked this feature on E400 with cnMaestro. I got the desired result if I apply Assiciation MAC ACL and Static MAC binding simultaneously. Association MAC ACL ensure only allowed MAC on the WLAN whereas the Static MAC binding ensure to configure predefined static IP on the allowed MAC only. That's all.
You need to do the following to resolve your issues-
1. You need apply default access as deny which ensures all other MAC except the allowed to be denied.
2. You can add description as per your requirement. In general whenever any ACL is applied you can not alter any line under the ACL. I have experienced on Motorola(now Extreme Networks) system also. There also we could not short on basis of description as each entry has MAC entry number.
In case of cnMaestro you can export the association ACL in CSV format where you can short based on description.
Hope, Cambium team will be able to highlight on the point number 2 more than me.
YOU DON’T NEED TO DENY YOUR MAC SEPARATELY. DEFAULT DENY WILL AUTOMATICALLY DENY ANY MAC WHICH IS NOT LISTED ON THE ACL. PLEASE REMOVE YOUR MAC FROM THE LIST LEAVING THE ALLOWED MAC. EVEN IF YOU LEAVE YOUR WI-FI NETWORK OPEN USER OUTSIDE THE LIST WILL NOT BE ABLE TO ASSOCIATE WITH YOU WLAN.