The number of clients to be blocked has reached the limit ISSUE

@rg.kszi For me, It would be much easier just to block an unwanted client from the network, instead of dealing with MAC address lists (allow or not) that's why I'm looking for a solution which allows me to block more than 500 clients from the network. :)

 

Is there a hope TP-Link raises or (deletes) this limit in the future?

You could change the WiFi password and communicate it to the teachers. But probably it is time to look for a better authentication mechanism bbased on logging on with a more authoritative identity than the WiFi password. Using the logon/email address of teachers to logon to the network sounds like a more robust method. The downside of this solution is that you will need to provide another authentication option like using RADIUS or a portal. But doing nothing is not an option anyway.

  @Hank21 

 

Because of this limitation we started using MAC filtering but it has also a limitation as you wrote. We put around 230 MAC address to the allow list and it is growing. I hope someday Omada can raise this 500 limit to 1000 or 2000. :)

  @rg.kszi you should configure load balancing and set max. devices per eap device, overcrowded ap's, thats simple to resolve, just add the amount which you need. As example, according to tp-link, eap610 can handle 100 cilents, eap620hd ten times more (cant confirm). What I trying to say is that you simply need few more devices according to your calculation, you could also replace those overcrowded with some ceiling mount device which can handle required number of clients.

 

As a student, I would never give you my mac address (at least not real one), you are creating time consuming task for nothing, some portal authentification would probably be better solution, including the fact that teachers and students should not be in same network and I will give you example and own story why. When I was in school, our math lessons were on computer and we had one exam consisting of 4x40 minutes, where the fastest finished normally after 80 minutes. I did not visit the class for months where my teacher told "You can just print empty paper and leave the class, that will be ok". I said it was a little arrogant from teacher to assume I missed the class because I do not know anything instead of thinking that I am not visiting it because I have the knowledge, however, I agreed, opened finished exam from his pc and printed it 100% correctly, few minutes after I left my math teacher was running after asking how it was possible to finish the exam within one minute. I still got best degree and they did not want anybody to know about their failure, since then they asked me to always sit in class and not participate on exams on computers, my task was to check exams for errors.

 

Hope that helps

  @rg.kszi 

 

I'd change the password so that those not authorized will not know it.  If the changed password keeps being leaked, find the source of the leakage and correct that issue.  Trying to solve this with any other technological method seems to be overcomplicated and likely doomed to fail.

lflorack wrote

  @rg.kszi 

 

I'd change the password so that those not authorized will not know it.  If the changed password keeps being leaked, find the source of the leakage and correct that issue.  Trying to solve this with any other technological method seems to be doomed to fail.

  @lflorack for school and educational institution access to network is normally resolved in different ways, mostly connected to the students data (like number, email, name, etc.). Those who are not students and not working, those should get max. guest network access which is isolated from anything and you can dedicate few ap's just for that to ensure overloaded guest network does not bring ap's required for students and teachers to its knees. I guess school should engage some IT company for either consulting or consulting and implementation, otherwise it will be costly and time consuming journey.