This document shows how to use the station rule table in the WLAN controller to deny WLAN access to certain devices based on their MAC address.

The LANCOM access point must be operating WPA2 encryption.

1) Enable the MAC check in the logical SSID
1.1) In the menu WLAN Controller → Profiles → Logical WLAN Networks (SSIDs) create the SSID with the desired parameters.
The following items are important for using LEPS MAC:
  • Activate the MAC check and
  • Use WPA version WPA2.

2) Store the MAC address in the station table:
2.1) In the menu WLAN Controller → Stations/LEPS → Station rules, set the MAC address to the unwanted MAC address.
2.2) Set the passphrase to a generated key of maximum security.

The only way for this client to login is with this very long WLAN key. The passphrase used in the logical profile is no longer available to the client.
If the other WiFi devices should be able to connect to the WLAN via the regular passphrase it is necessary to create a "dummy" user.
As MAC address pattern as well as SSID pattern enter the wildcard *. This wildcard can be used for any number of characters. The Passphrase has to be left empty.

2.3) Write the configuration back to the LANCOM WLAN controller.