Thank you for understanding. My current router does provide list access and restriction for wired and wireless devices, and its 64 entry limit is shared by all 6 networks, so enabling the guest networks does not provide any help.
My setup at my office (8 servers, 6 webservers, 34 workstations) is all behind proxy servers using static public IP's only for the external proxy NIC's. Private statics are used for everything inside the proxies. If I could get these gentleman to let me configure something like that for them, I'd have no problem with limits of any kind. They, however, prefer that I use a simple router whitelist that "they understand".
As for getting bent out of shape, I apologize for my tone. I've spent days asking supposed tech support experts about such matters and am really tired of people telling me what I should or could do while really never answering my question about their products. It's frustrating. In this case, the decision is not mine to make and I am trying to give these very honorable folks what they want if I can.
I very much appreciate your time and efforts on my behalf. Hope you are having a restful holiday other than dealing with me.
Thanks again.
Are they looking for a solution with their current router or are they willing to go with something new? Like I mentioned, Ubiquiti supports 512 per SSID. I don't believe it requires the management software to be running (actually I know it doesn't as my Unifi AP has 4 MACs denied in it and it works fine without the controller running). Unless it supports X number without controller running and more with it, but I suspect they have enough memory to handle the full list. That is just an AP though, you would add it on and leave their current router as wired only. They would have to launch the controller software to add new MACs though. You could take a look at their new "Dream Machine" - not sure if it requires a controller or how many MACs it supports. That's an all-in-one device with security etc built in.
Another option is to search some of the small business type stuff from the various vendors find one with RADIUS or 802.1X built in. That should accomplish what you want for both wired and wireless (well 802.1X will do both, RADIUS is for wifi only typically). Or one with a built in firewall that supports L2 (MAC) filtering.
I suspect DNSMASQ may also have the functionality to only hand out IPs to approved MACs (many DHCP servers do but never tried with DNSMASQ) however that requires firmware with scripting ability and you'd have to update the script every time you add a MAC so not really a good solution. Firewall (EBTABLES or IPTABLES) would work too but again, scripting and not easy to do for them.
I hear the frustration with tech support. Most of us here listen and know what you're asking for, even if we don't have the "cut and dry" answer. What you're looking for is at the very least a small business oriented feature, borderline enterprise, so it may come down to visiting the forums for each vendor to see if you can find or ask the question. Depending on their/your budget, I think something with a RADIUS server built in or 802.1X would probably be your best solution.
Couple other options I can think of:
Multiple APs (as already mentioned)
YazDHCP addon for Merlin allows 128 static DHCP entries which could, in a way, serve a similar function. You could set your DHCP range to 128 IPs, then put in "dummy entries" for any that are not currently in use, which they then just add the real one when they get a new device. This does not stop someone from setting a static if they know what they are doing, but is that likely in this environment? I wonder if that is actually what the TP link is doing, the fact that it does both wired and wireless makes me wonder. Doing it on wired is uncommon so makes me think it is a DHCP filter and not an overall connection filter which would use 802.1X or similar. I have an old TP Link AC router, have never played around with it much so I don't recall.
YazFI I'm not sure if it has a MAC filter or not, I believe it was suggested but not sure if ever implemented.
@Jack Yaz can you confirm if there is one and how many it supports?
So, no smoking gun answer from me unfortunately, off the top of my head, other than Unifi APs (which would be wireless only, wired filter would still be done on their current router), I don't know which ones do/don't support what you're looking for. If you think DHCP filtering would be enough, an Asus with Merlin and YazDHCP may be the way to go. A bit of a hack but not too bad.
