ACL for one Client is not working

frankpp · January 24, 2024, 10:49am

Hi,

I’m trying to deny acces for one client only if the signal strenght is below a specific point.

 ;;; IPhone Frank
     mac-address=XY:64:BA:ZZ:9B:YY interface=wlan1 signal-range=-40..120 allow-signal-out-of-range=5s
     authentication=yes forwarding=yes ap-tx-limit=0 client-tx-limit=0 private-algo=none private-key=""
     private-pre-shared-key="" management-protection-key="" vlan-mode=default vlan-id=1

But this device ist still connecting to this Acces point, even RSSI is below -40dBm.
All other clients should not be affected by an ACL rule.

thanks

Frank

bpwl · January 24, 2024, 11:43am

Well at least you need two settings. The allowed access will not be stopped, if there is no deny ACL rule (interface general rule or specific for this MAC)

By default the interface general rule is allow (authenticaion=yes).
As you want to deny acces for one client only, when power is low, then a specific (authentication=no) rule for that MAC is needed, besides the allow rule you already have, with it’s signal out of range timer.
The interface rule can stay to allow the other devices.

rextended · January 24, 2024, 11:52am

Remove that rule, paste this one below into the terminal, then replace the fake address with the correct MAC address:

/interface wireless access-list
add authentication=no interface=wlan1 signal-range=-120..-41 mac-address=DE:AD:BE:EF:00:00