MacOS – Blacklist wireless access point in macOS

macos network wifi

I am the network admin of a small company. We have a rogue wireless access point broadcasting our SSID that's not connected to the network. Occasionally, the Macs in the area will attach to this AP and will then have no network access.

I have identified the MAC address of this WAP/device.

Is there a way to blacklist the MAC address of this specific AP so that the Mac workstations/laptops don't try to use it for network access?

(Fair warning, I'm a Windows guy, so please provide instructions a 5-year-old can understand 🙂 )

Thanks in advance!

Best Answer

Unfortunately macOS does not provide a way to blacklist a specific access point. On some other operating systems you can do this via the BSSID (basic service set identifier) of the access point.

You were referring to a MAC, but it is not really a MAC - but rather a BSSID. The BSSID is usually derived from the actual MAC of the access point though, but it is not the same.

I would look at two ways to solve the problem:

The first would be to try and find the rogue access point by connecting to your Macs remotely and issuing the following command:

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s

This command gives you a list of the access points in range - including the BSSID. If you automate this command to be run on all computers, you should be able to narrow down which computers can detect that access point, and with which signal strength. Hopefully this will allow you to find the rogue access point.

The second way to try and solve the problem is to work the other way around - namely by specifying which access point your desktops connect to. I.e. do not block a specific access point, but instead specify which to connect to (a kind of white list).

You can connect to a specific access point using this command:

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport --associate=<SSID> --bssid=<BSSID>

You must replace "<SSID>" and "<BSSID>" with their corresponding values.

If you have multiple access points of your own, you'll need to create a small script to select the known-good BSSID with the best signal strength obtained from running the previously mentioned command.

There's also a third party utility that supposedly makes it easier to associate to a specific access point:

https://github.com/qpSHiNqp/airport-bssid

However it seems it hasn't been updated since 2016, so it might be out of date.

It is used like this:

airport-bssid <interface> <bssid> <password>

where you need to replace <interface>, <bssid> and <password> accordingly. Interface could be for example "en1".
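The selection script the answer describes, written out as an added example that is not part of the original answer: it parses `airport -s` output, picks the strongest BSSID from an allowlist, and lists BSSIDs that use the same SSID but are not on it. The SSIDs, BSSIDs, allowlist and function names are constructed, and the column layout of the scan output is an assumption.

```sh
#!/bin/sh
# Added example; every SSID, BSSID and RSSI below is constructed.
AIRPORT=/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport

# Constructed `airport -s` output (column layout assumed).
SAMPLE_SCAN='                            SSID BSSID             RSSI CHANNEL HT CC SECURITY (auth/unicast/group)
                        CorpWiFi 00:11:22:33:44:01 -71  6       Y  US WPA2(PSK/AES/AES)
                        CorpWiFi 00:11:22:33:44:02 -52  36      Y  US WPA2(PSK/AES/AES)
                        CorpWiFi 66:77:88:99:aa:bb -40  11      Y  US WPA2(PSK/AES/AES)
                     Guest Net 2 00:11:22:33:44:03 -60  1       Y  US NONE'
KNOWN_GOOD='00:11:22:33:44:01 00:11:22:33:44:02'  # constructed allowlist of own APs

# stdin: scan output. stdout: BSSID<TAB>RSSI<TAB>SSID. The BSSID is found by
# pattern because the SSID column may itself contain spaces.
parse_scan() {
  awk 'BEGIN { h = "[0-9A-Fa-f][0-9A-Fa-f]"; re = h ":" h ":" h ":" h ":" h ":" h }
    !match($0, re) { next }                  # header or unparsable line
    {
      bssid = tolower(substr($0, RSTART, RLENGTH))
      ssid = substr($0, 1, RSTART - 1)
      sub(/^ +/, "", ssid); sub(/ +$/, "", ssid)
      split(substr($0, RSTART + RLENGTH), rest, " ")
      print bssid "\t" rest[1] "\t" ssid
    }'
}

# Label each BSSID broadcasting SSID $1 as known/unknown against allowlist $2.
classify() {
  parse_scan | awk -F '\t' -v ssid="$1" -v ok="$2" '
    BEGIN { n = split(tolower(ok), a, " "); for (i = 1; i <= n; i++) good[a[i]] = 1 }
    ($3 "") == (ssid "") { s = ($1 in good) ? "known" : "unknown"; print s "\t" $1 "\t" $2 }'
}

# Strongest allowlisted BSSID (RSSI closest to zero); fails if none is in range.
best_known_good() {
  classify "$1" "$2" | awk -F '\t' '
    $1 == "known" && (best == "" || $3 + 0 > max) { best = $2; max = $3 + 0 }
    END { if (best == "") exit 1; print best }'
}

# BSSIDs using the SSID that are not allowlisted, with RSSI, to help locate the device.
unknown_bssids() { classify "$1" "$2" | awk -F '\t' '$1 == "unknown" { print $2 "\t" $3 }'; }

# Demo on the sample. On a Mac: "$AIRPORT" -s | best_known_good CorpWiFi "$KNOWN_GOOD"
printf '%s\n' "$SAMPLE_SCAN" | best_known_good CorpWiFi "$KNOWN_GOOD"
printf '%s\n' "$SAMPLE_SCAN" | unknown_bssids CorpWiFi "$KNOWN_GOOD"
```

The BSSID printed by `best_known_good` is the value to pass to `--bssid=` in the associate command above; collecting the `unknown_bssids` output from each Mac gives the per-machine signal strengths the answer suggests using to locate the device.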