Wireless_DWIT_MAC_Filter

Wireless_DWIT_MAC_Filter_List

Wireless > MAC Filter List

Wireless networking provides native MAC filtering capabilities which prevents wireless clients from authenticating and associating with the wireless security appliance. If you enforce MAC filtering on the WLAN, wireless clients must provide you with the MAC address of their wireless networking card. The SonicOS wireless MAC Filter List allows you to configure a list of clients that are allowed or denied access to your wireless network. Without MAC filtering, any wireless client can join your wireless network if they know the SSID and perhaps other security parameters to “break into” your wireless network.

Figure 42:1 displays typical SonicWALL MAC Filter List deployment scenarios.

Figure 42:1 Typical MAC Filter List Topologies

Deployment Considerations

Consider the following when deploying the MAC Filter List:

For the SonicPoint-N appliance, this feature requires the gateway to store the MAC Filer List settings.
For the SonicWALL TZ series appliance’s internal wireless, some members need to be added to the VAP structure to store the MAC Filter List settings and the complete function should be modified to set the configurations to the driver.
MAC Filter List configurations are added to the Wireless Virtual Access Point (VAP) profile settings. They can be view by navigating to the Wireless > Virtual Access Point page.

Using the Wireless > MAC Filter List Page

In your management interface, navigating to the Wireless > MAC Filter List page. Tables 1 and 2 describe how to use the SonicWALL MAC Filter List feature.

Figure 42:2 Wireless > MAC Filter List

Table 4 Wireless > MAC Filter List Descriptions

Name	Description
Accept Button	Applies and saves the latest configuration settings.
Cancel Button	Cancels the configuration.
Enable MAC Filter List Checkbox	Enables the MAC Filter List feature for the selected groups.
Allow List: Drop-Down	Selects the group you want the MAC Filter List to allow access to your wireless network. When clicking the Allow List drop-down and selecting Create New MAC Address Object group, the Add Address Object Group window (Figure 42:3) displays.
Deny List: Drop-Down	Selects the group you want the MAC Filter List to deny access to your wireless network. When clicking the Deny List drop-down and selecting Create New MAC Address Object group, the Add Address Object Group window displays.

Figure 42:3 Add Address Object Group Window

Table 5 Add Address Object Group Descriptions

Name	Description
Name: text field	Enter a name for the new address object group.
Left Panel	Displays the available objects. Select the objects you want to include in your new group.
Right Arrow Button	Transfers the selected objects from the left panel to the right panel.
Left Arrow Button	Transfers the selected objects from the right panel to the left panel.
Right Panel	Displays the objects selected for your new group.
OK Button	Applies the configuration.
Cancel Button	Cancels the configuration.

Configuring the MAC Filter List

To configure the MAC filter list to allow or deny address object groups, perform the following steps:

Log into your SonicWALL management interface.
Navigate to the Wireless > MAC Filter List page.

Enter and do the Following:

Click the Enable MAC Filter List checkbox.
Click the Allow List drop-down, select the address group you want to allow.
Click the Deny List drop-down, select the address group you want to deny.

To add new address objects to the allow and deny lists, click the drop-down and select Create New MAC Address Object Group... .

The Add Address Object window displays.

In the Name: text field, enter a name for the new group.
In the left column, select the groups or individual address objects you want to allow or deny. You can use Ctrl-click to select more than one item at a time.
Click the -> button to add the items to the group.
Click OK.
Click the Accept button. Verify that your list was created.