AP Controller Enhancements - MAC Filtering on Zyxel AP Controller (Firmware V1.36)

Created - Updated
Serhii Boiarynov
Idea generator
Great answers
Master (Platinum)
Print Friendly and PDF
Have more questions? Submit a request

MAC filtering on Zyxel AP Controllers allows administrators to control which wireless clients can associate with an SSID based on their MAC addresses. Firmware V1.36 introduces a structured system of client policies and MAC filtering types, enabling flexible access control. This article describes how MAC filtering works, how to configure it, and where to place each visual element from the official slide deck.

MAC filtering determines whether a client can join a wireless network based on its source MAC address and the assigned client policy.

Client Policies 

  • Normal – Default policy for wireless clients

  • No Policy (NEW) – Default policy for wireless clients

  • Block – Requires manual selection

  • Allow (NEW) – Requires manual selection; guarantees association with the SSID

MAC Filtering Types (SSID-Level Filtering)

The AP Controller supports three MAC filtering modes at the SSID level:

ALLOW

  • Ideal when only a small number of devices should have access.

  • New clients with default policies cannot access the SSID.

  • Only clients with an Allow policy can associate.

BLOCK

  • Ideal when most devices should have access.

  • New clients with default policies can access the SSID.

  • Only clients with a Block policy are denied.

DISABLE (Default)

  • No filtering applied.

  • All clients can associate with the SSID.

  •  

 

Client Policies vs MAC Filtering Types

Client PolicyDisable (Default)AllowBlock
No Policy (Default)✓ Can access SSID✗ Cannot access SSID✓ Can access SSID
Allow✓ Can access SSID✓ Can access SSID✓ Can access SSID
Block✓ Can access SSID✗ Cannot access SSID✗ Cannot access SSID

MAC Filtering with Wildcard (OUI Support)

An OUI is the first 3 bytes of a MAC address and identifies the device manufacturer. This allows filtering not only individual devices, but also groups of devices from the same vendor.

Wildcard format example:
AA:BB:CC:*

All devices with MAC addresses starting with this prefix will match the rule.

This works in both modes:

  • ALLOW: only matching devices are permitted
  • BLOCK: matching devices are denied

This feature simplifies management and improves scalability when handling multiple devices from the same manufacturer.

Limits for Client Policies

Each AP or AP Group supports:

  • Up to 512 Block policies per SSID

  • Up to 512 Allow policies per SSID

If a policy is applied “to all SSIDs,” it only applies to SSIDs where MAC filtering is enabled.

Configuring MAC-Filter Action

You can configure the MAC filtering mode in:

Wireless → SSID Settings → WLAN Settings

Adding Clients with Policies

Policies can be assigned before or after a client connects.

Adding a client before the client has connected may only select Block or Allow policies.Adding a client after the client has connected may select Block or Allow or No Policy policies.

Verifying Blocked Clients

MAC filter block events appear only in per-AP logs and are categorized under Wireless LAN.

 

Articles in this section

Was this article helpful?
0 out of 0 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.