It would be great when the CLI would have a possibility to create a black-/whitelisting of MAC-Addresses.
The necessary config-parts of hostapd would be:
# Station MAC address -based authentication # Please note that this kind of access control requires a driver that uses # hostapd to take care of management frame processing and as such, this can be # used with driver=hostap or driver=nl80211, but not with driver=atheros. # 0 = accept unless in deny list # 1 = deny unless in accept list # 2 = use external RADIUS server (accept/deny lists are searched first) macaddr_acl=0 # Accept/deny lists are read from separate files (containing list of # MAC addresses, one per line). Use absolute path name to make sure that the # files can be read on SIGHUP configuration reloads. #accept_mac_file=/etc/hostapd.accept #deny_mac_file=/etc/hostapd.deny
example content of hostapd.accept
# List of MAC addresses that are allowed to authenticate (IEEE 802.11) # with the AP. Optional VLAN ID can be assigned for clients based on the # MAC address if dynamic VLANs (hostapd.conf dynamic_vlan option) are used. 00:11:22:33:44:55 00:66:77:88:99:aa 00:00:22:33:44:55 1
example content of hostapd.deny
# List of MAC addresses that are not allowed to authenticate (IEEE 802.11) # with the AP. 00:11:22:33:44:55 00:66:77:88:99:aa