This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WIFI AP6-420e MAC Filter issues

We are currently testing phase of AP6-420e APs.   

Is there anybody else experiencing MAC filter configuration issues.....

We are testing 3 SSIDs that are on separate VLANs and each SSID is needing a MAC filter.  

I thought at first, I was not hitting the save button but too many oddities have come up and now beginning to wonder if I can trust this stuff....

In the past couple of weeks here is what I have experienced with the MAC filtering:

- I setup the mac filter for a SSID....then some time period later, I find the MAC filter setting was changed to NONE......This is very concerning.

- One day checked the 3 SSIDs that had MAC filters in place and ALL the SSID MAC filters were setback to NONE.

- Most recently, I added one MAC address to one of the SSID MAC filters and all the existing MAC addresses were erased.  The only MAC address in the filter was the one I added.    But the troubling part was that the MAC filters in ALL the other SSIDs were changed as well. O nly that one MAC address I added was in ALL the MAC filters for all SSIDs......

Is this stuff ready for production environments if these things keep happening??

Case was created but wanted to know if anybody else is having these issues.



This thread was automatically locked due to age.
  • Do you use Band Stearing? docs.sophos.com/.../index.html

    __________________________________________________________________________________________________________________

  • Band steering is not ON.......  I was told you cannot have Advance Threat Protection on along with MAC filtering option.  However, with Advance Threat Protection turned on, I am still able to enable MAC filtering.   Not sure why this would be......

  • __________________________________________________________________________________________________________________

  • Thanks for your response...

    Little sloppy to allow a customer to turn MAC filtering on when Active Threat Response is on.   No warning messages or anything other than it being in the "documentation" ......On top of that I would like to know the reason why both can't be used at the same time.   

  • Actually the Docs is not correct. We will address this one. 

    You cannot use a Whitelist approach and ATR at the same time (Meaning, you Whitelist a MAC and block the same MAC at the same time). The Docs is misleading on that page. 

    One step back here: 
    Do you use white or blacklist in central? 
    And if you say, the List is empty --> is it empty in Central or the Access point management itself? 

    __________________________________________________________________________________________________________________

  • We use whitelists only in Central>Wireless.  No idea where ATF is located in Central....as we do not have any Sophos Firewalls or Switches in our environment. 

    I finally looked at the ATR and how it functions.....I can see this could be problematic....  However, there should/could be logic built in that that ATF MAC block would supersede the whitelisting.

    At the very least give the customer the ability to granularly apply ATF to SSIDs that are not using the MAC whitelist......

    The MAC list in the ATR located in Central>Wireless is/was empty before I disabled it.

    Still stand by my comment.....If ATF is enable in Central>Wireless for AP6 then the MAC filtering option should be greyed out in the SSID.....

  • I turned off ATF yesterday 6/11.  Today, I check the 3 SSID that I have the MAC allowed function turned on.  All of them have one MAC address listed (same MAC address).  I added a list of MAC addresses to one SSID and save the configuration.

    When I opened the other 2 SSIDs, the list of MAC addresses I entered in the one SSID were now populated in other 2 SSIDs MAC allowed lists.  Why would this be happening? Something is really wrong here.....  

  • The end result is the Sophos WIFI solution does not offer the ability to create multiple MAC filters and apply the individual MAC filter to specific SSIDs.  There is only ONE - ALLOW/DENY filter for ALL SSIDs.  I was told incorrectly at a DEMO that MAC filters could be setup for each individual SSID.   Even the way the WIFI portal is laid out implies the filter would be for that SSID..... There is a "warning" message but that warning message is very generic and can be interpreted several different ways.

    With that said, we have begun the process of returning the APs and having to go with a more Enterprise grade solution.......