Airport Extreme mac filter user limit and guest network bandwidth cap

Discussion in 'Mac Accessories' started by veniculum, Feb 16, 2013.

  1. veniculum macrumors newbie

    Jun 20, 2009
    I manage a network with about 65 users, and we have recently setup a BYOD (Bring Your Own Device) addition to our primary, private network (DS3/MPLS). Our BYOD network is growing in size...and while I keep it locked with a WPA2 password, I also use a mac filter to only allow in authorized devices. This filter IS NOT my primary means to keep this I really don't need a lesson on why I should or shouldn't implement a mac filter. This is simply a deterrent against avg. every day users from keeping their 'unregistered' devices off our network. So please....I don't need to hear about how easy it is to bypass a mac filter. Quite frankly...if someone that works for my company has enough know how to spoof a mac address...then all the power to them...they can get on that network What I need to know is, is there a limit on the number of addresses you can add. Many routers have a limit on this. D-Link is 25...Linksys, 30 or 35. I'm using a Netgear N-600 right now, which has no limit at all...and there are 42 registered devices on that ACL/filter.

    The other question I have is...does the latest Airport Extreme router have a 'guest' network (I believe I read it do most home-based routers)...however, what I need to know is, is there a way to put a cap on the bandwidth for that built-in guest network. So, for example...we're using a 50Mbps business cable modem for this BYOD network. I'd like to be able to setup an additional guest network for the occasional visitor to our office...and not have to worry about adding them to the ACL. But I'd also like to set the maximum download speed for those users to, say 1 or 2 Mbps. Thus, keeping those who are using the BYOD network off the real 'guest' network, due to the slower speeds.

    So...that's what I need to know...from someone who has one of these latest model routers. 1) Maximum number of addresses that can be added to the ACL/mac address filter - yes or now/how many if yes....and 2) can you setup bandwidth limit (using QOS maybe?) for the built-in guest network.

    My current router does support the unlimited mac address filter...but does not support a bandwidth management utility for the guest network.

    Thanks in advance for your replies.
  2. smellalot macrumors 6502

    Dec 6, 2011
    Apple's wireless routers don't have QOS (at least not user accessible). I have never built a network as big as yours. But from what you're asking for I'd say get a powerful router and put DD-WRT on it. You can create all three networks you want on it. Also I guess there is no limit for the MAC filter.
  3. HenryAZ macrumors 6502a


    Jan 9, 2010
    South Congress AZ
    I don't have the newest AEBS, but do have the latest firmware, which adds the Guest Network capability. The only option I see for the Guest Network is type of security.

    I've never seen any bandwidth caps in the AEBS's.

    One suggestion for the flexibility you seek would be to separate the router and wifi functions into two devices. I do this by using the AEBS as an access point only, and a Mikrotik router (Linux based) for my router. The 450G Mikrotik has 5 1000base-t ethernet ports and quite an impressive feature set for a <$100 router. The feature that would help you out there would be queuing (set up IP's in queues with bandwidth limits on each queue).

    The Mikrotik is strictly roll-your-own everything, but you can roll quite a lot (BGP, load balancing, extensive firewall rules and tons more).

    Mikrotik Wiki
  4. Altemose macrumors G3


    Mar 26, 2013
    Elkton, Maryland
    This is really late, I know. However, I recently installed wireless into a school building. I chose Apple AirPort as the routers. I have one AirPort Extreme setup as a controller, with eight AirPort Expresses set as access points spread all around the building. The network has performed admirably.

    Depending on the size of the building, I would focus on getting multiple access points to load balance the bandwidth and increase signal strength. My network regularly has 70 concurrent users. There are two networks, a WPA2 Enterprise secured faculty and administration network, as well as a student network setup as the "Guest Network". In critical points of the building, there are generally 20 clients per access point. The entire network is wired by Cat5e.

    As of firmware 7.6.3 (we are deploying 7.6.4 now), the guest network is extended by the access points. All in all, provided you keep the network limited to maybe 30 per access point, and wire everything in using Gigabit switches and at least Cat5e, you shouldn't have any problems. We have not had any speed problems even with the full-speed student network, and it is entirely connected to a 50 Mbps connection also.

    I think the AirPort is a great access point for what you need to do.

    :apple: Altemose :apple:

Share This Page