RAK7268V2 Whitelist Filtering

I have done a bit of reading around the forum here trying to work out how to implement device whitelisting on some gateways we want to deploy to a busy region.

Unfortunately our only connection type for this region is cellular and cellular data is very expensive in this region. We’re looking to utilise the gateway whitelist filtering so only data from these specific sensors in this deployment are uplinked to our LNS.

I have converted the network id to decimal which is 60 (0x00003C netid) and the first 3 bytes of the device address OUI which in this test case is 24E124 which are some milesight sensors.

Assuming I have set this correct in the settings, I am still passing all data from any device on the network id as well as all the beacon noise which we’re not interested in.

Should this filter by network id and then by the device oui? as it seems to just forward me anything that matches the network id.

Current gateway version v2.2.2

I’ve been looking into whitelist filtering for the same reason - to reduce traffic on the cellphone backhaul. Unfortunately it looks like it is an AND - both Network and device-level (OUI) filters are required which seems a bit limiting. In our case we want to allow all device types from our NETID, and drop everything else.
The other issue I have is that the max value accepted for the Network ID is 127, which is tough for those of us with Class 7 NetIDs. Or does the Network ID refer to something else? Some examples would be nice in the documentation to show how these are supposed to work.

I’m also using version 2.2.2. and RAK7268V2.

I think I see what you mean, if you have a netid like a /25 or something that equates out to > 127 when converted to decimal you cant really use this to filter by netid.

This could be a handy feature if it could be done by the device address/prefix you want to allow ie. [start address]/[prefix]

This could be a handy feature if it could be done by the device address/prefix you want to allow ie. [start address]/[prefix]

Agreed. The Kerlink gateway packet forwarder uses devAddr prefixes, which works well.

Another way around it, which I have tested and works is to install chirpstack-mqtt-forwarder onto the gateway and ingest via mqtt.

although not helpful if you want to use legacy udp or basicstation… It does work and you can filter by address/prefix and join_eui.

for further information check this out.
https://www.chirpstack.io/docs/chirpstack-mqtt-forwarder/install/rak.html

Thanks @ccall48. Ideally RAK could fix the existing whitelist method to handle the full range of NetIDs, and let us forward on either OUI or NetID, but this looks like a good workaround in the interim.

This has been up here for a week now with not even a acknowledgement so I wouldnt hold my breath :smiley: