Page History

Status
colour Blue
title In Progress

Overview:

MAC Filtering (Access Control List – ACL) is a security feature used to control device access to the WiFi network based on the device’s unique MAC (Media Access Control) address.

...

Code Block

language	c
title	Data Models for Mac Filtering
linenumbers	true
collapse	true

# For 2G
dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MACFilter.Enable
dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.
# For Adding MacFIlterTable
dmcli eRT addtablegetv Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTableMACFilter.FilterAsBlackList 
dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCOCOMCAST-COM_COM_MACFilter.FilterAsBlackList MAC_FilteringMode
 # For Adding MacFIlterTable
dmcli eRT getvaddtable Device.WiFi.AccessPoint.1.X_CISCO_COMCAST-COM_MAC_FilteringMode
MacFilterTable.
# For Deleting 5GMacFIlterTable
dmcli eRT getvdeltable Device.WiFi.AccessPoint.21.X_CISCO_COM_MACFilter.EnableMacFilterTable.*. [Here * refers the table number]
 
# For 5G
dmcli eRT getv Device.WiFi.AccessPoint.2.X_CISCO_COM_MacFilterTable.
# For Adding MacFilterTableMACFilter.Enable
dmcli eRT addtablegetv Device.WiFi.AccessPoint.2.X_CISCO_COM_MacFilterTable.
dmcli eRT getv Device.WiFi.AccessPoint.2.X_CISCO_COM_MACFilter.FilterAsBlackList 
dmcli eRT getv Device.WiFi.AccessPoint.2.X_COMCAST-COM_MAC_FilteringMode

 # For Adding 6GMacFIlterTable
dmcli eRT getvaddtable Device.WiFi.AccessPoint.172.X_CISCO_COM_MACFilter.EnableMacFilterTable.
# For Deleting MacFIlterTable
dmcli eRT getvdeltable Device.WiFi.AccessPoint.172.X_CISCO_COM_MacFilterTable.*. [Here * refers the table number]

# For Adding MacFilterTable 6G
dmcli eRT getv Device.WiFi.AccessPoint.17.X_CISCO_COM_MACFilter.Enable
dmcli eRT addtablegetv Device.WiFi.AccessPoint.17.X_CISCO_COM_MacFilterTable.
dmcli eRT getv Device.WiFi.AccessPoint.17.X_CISCO_COM_MACFilter.FilterAsBlackList 
dmcli eRT getv Device.WiFi.AccessPoint.17.X_COMCAST-COM_MAC_FilteringMode
# For Adding MacFIlterTable
dmcli eRT addtable Device.WiFi.AccessPoint.17.X_CISCO_COM_MacFilterTable.
# For Deleting MacFIlterTable
dmcli eRT deltable Device.WiFi.AccessPoint.17.X_CISCO_COM_MacFilterTable.*. [Here * refers the table number]

Parameter Description

Enable
- true -> MAC filtering enabled
- false -> Disabled
FilterAsBlackList
- true -> Blacklist mode (block listed MACs)
- false -> Whitelist mode (allow only listed MACs)
MACAddress
- colon separated list of MAC addresses

Mapping to Radios

Radio Band	Access Point Instance
2.4GHz	AP 1
5GHz	AP 2
6GHz	AP 17

For MLO builds, Sharing the steps to test the MAC Filtering from both WebUI and DMCLI:

1. Select the SSID you want to apply MacFiltering and connect to a client, Here I have connect to 2G:

Image Added

Code Block

language	c
title	2G-Allow-ALL
linenumbers	true
collapse	true

root@Filogic-GW:/tmp# dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MACFilter.Enable
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MACFilter.Enable
               type:       bool,    value: false 

root@Filogic-GW:/tmp# dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.

root@Filogic-GW:/tmp# dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MACFilter.FilterAsBlackList 
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MACFilter.FilterAsBlackList
               type:       bool,    value: false 

root@Filogic-GW:/tmp# dmcli eRT getv Device.WiFi.AccessPoint.1.X_COMCAST-COM_MAC_FilteringMode
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.WiFi.AccessPoint.1.X_COMCAST-COM_MAC_FilteringMode
               type:     string,    value: Allow-ALL 

root@Filogic-GW:/tmp#

2. Select from Auto-Learned Devices and click Addor enter the MAC Address and Device Name under Manually Added Wi-Fi Devices, then click Add. Then Click on Save Filter Settings to apply the settings.

WebUI:
Image Added

DMCLI:

Code Block

language	c
title	2G-MacFIlterTable-Add
linenumbers	true
collapse	true

root@Filogic-GW:/var/log# dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MACFilter.Enable
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MACFilter.Enable
               type:       bool,    value: false 

root@Filogic-GW:/var/log# dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.1.MACAddress
               type:     string,    value: 6A:61:9F:4B:D2:A7 
Parameter    2 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.1.DeviceName
               type:     string,    value: Pixel-7a 

root@Filogic-GW:/var/log# dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MACFilter.FilterAsBlackList 
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MACFilter.FilterAsBlackList
               type:       bool,    value: false 

root@Filogic-GW:/var/log# dmcli eRT getv Device.WiFi.AccessPoint.1.X_COMCAST-COM_MAC_FilteringMode
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.WiFi.AccessPoint.1.X_COMCAST-COM_MAC_FilteringMode
               type:     string,    value: Allow-ALL 

root@Filogic-GW:/var/log# #If needed to add table from dmcli, please perform addtable command and then set the MacAdress and HostName like below for reference:

root@Filogic-GW:/var/log# dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable. 
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter 1 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.1.MACAddress
type: string, value: 6A:61:9F:4B:D2:A7 
Parameter 2 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.1.DeviceName
type: string, value: Pixel-7a 

root@Filogic-GW:/var/log# 
root@Filogic-GW:/var/log# dmcli eRT addtable Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
addtable from/to component(eRT.com.cisco.spvtg.ccsp.wifi): Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.
Execution succeed.
Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.2. is added.

root@Filogic-GW:/var/log# 
root@Filogic-GW:/var/log# 
root@Filogic-GW:/var/log# dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter 1 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.1.MACAddress
type: string, value: 6A:61:9F:4B:D2:A7 
Parameter 2 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.1.DeviceName
type: string, value: Pixel-7a 
Parameter 3 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.2.MACAddress
type: string, value: 00:00:00:00:00:00 
Parameter 4 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.2.DeviceName
type: string, value: 

root@Filogic-GW:/var/log# 
root@Filogic-GW:/var/log# dmcli eRT setv Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.2.MACAddress string 00:11:22:33:44:55
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.

root@Filogic-GW:/var/log# dmcli eRT setv Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.2.DeviceName string Host-Name 
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.

root@Filogic-GW:/var/log# dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter 1 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.1.MACAddress
type: string, value: 6A:61:9F:4B:D2:A7 
Parameter 2 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.1.DeviceName
type: string, value: Pixel-7a 
Parameter 3 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.2.MACAddress
type: string, value: 00:11:22:33:44:55 
Parameter 4 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.2.DeviceName
type: string, value: Host-Name 

root@Filogic-GW:/var/log# 
#############################################And for deleting a table, please peform the below commands to verify
root@Filogic-GW:/var/log# dmcli eRT deltable Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.2.
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
deltable from/to component(eRT.com.cisco.spvtg.ccsp.wifi): Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.2.
Execution succeed.

root@Filogic-GW:/var/log# dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter 1 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.1.MACAddress
type: string, value: 6A:61:9F:4B:D2:A7 
Parameter 2 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.1.DeviceName
type: string, value: Pixel-7a 

root@Filogic-GW:/var/log#

3. Set the Mode - ALLOW, DENY , ALLOW-ALL to be applied on ACL:
Once Selecting Allow Mode, click on save(It will Whitelist(allow) the device present in Control List and Blacklist(block) the other client devices)

WebUI:

Image Added

DMCLI:

Code Block

language	c
title	Allowing only Control list devices and Blacklisting the other devices
linenumbers	true
collapse	true

root@Filogic-GW:/var/log# dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MACFilter.Enable
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MACFilter.Enable
               type:       bool,    value: true 

root@Filogic-GW:/var/log# dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.1.MACAddress
               type:     string,    value: 6A:61:9F:4B:D2:A7 
Parameter    2 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.1.DeviceName
               type:     string,    value: Pixel-7a 

root@Filogic-GW:/var/log# dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MACFilter.FilterAsBlackList 
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MACFilter.FilterAsBlackList
               type:       bool,    value: false 

root@Filogic-GW:/var/log# dmcli eRT getv Device.WiFi.AccessPoint.1.X_COMCAST-COM_MAC_FilteringMode
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.WiFi.AccessPoint.1.X_COMCAST-COM_MAC_FilteringMode
               type:     string,    value: Allow 

root@Filogic-GW:/var/log#

While Selecting Deny Mode, click on 'Save Filter Setting'(It will Blacklist(block) the Control List Device and WhileList(allow) the other Devices)

WebUI:

Image Added

DMCLI:

Code Block

language	c
title	Blacklisting the control list device
linenumbers	true
collapse	true

root@Filogic-GW:/# dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MACFilter.Enable
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MACFilter.Enable
               type:       bool,    value: true 

root@Filogic-GW:/# dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.1.MACAddress
               type:     string,    value: 6A:61:9F:4B:D2:A7 
Parameter    2 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MacFilterTable.1.DeviceName
               type:     string,    value: Pixel-7a 

root@Filogic-GW:/# dmcli eRT getv Device.WiFi.AccessPoint.1.X_CISCO_COM_MACFilter.FilterAsBlackList 
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.WiFi.AccessPoint.1.X_CISCO_COM_MACFilter.FilterAsBlackList
               type:       bool,    value: true 

root@Filogic-GW:/# dmcli eRT getv Device.WiFi.AccessPoint.1.X_COMCAST-COM_MAC_FilteringMode
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.WiFi.AccessPoint.1.X_COMCAST-COM_MAC_FilteringMode
               type:     string,    value: Deny 

root@Filogic-GW:/#

Logs are provided for 2.4 GHz only. The same behavior applies to 5 GHz and 6 GHz; please refer to these logs.

Reference Ticket:

Jira

server	JIRA
serverId	11deff04-0380-3a3d-a916-0849d4e573f7
key	RDKBACCL-1415

RDK Resources

[RDK Preferred]

Code Management Facility

RDK Forums

[RDK Conferences]

RDK Support

Archives

Versions Compared

Old Version 1

New Version Current

Key

Status
colour Blue
title In Progress

Overview:

Parameter Description

Mapping to Radios

RDK Resources

[*RDK Preferred*]

Code Management Facility

RDK Forums

[RDK Conferences]

RDK Support

Archives

Page History

Versions Compared

Old Version 1

New Version Current

Key

StatuscolourBluetitleIn Progress

Overview:

Parameter Description

Mapping to Radios

[RDK Preferred]

Status
colour Blue
title In Progress