How about this technique then.

  • Configure your DHCP server so that computers which are to be allowed access have a reserved IP address.
  • Configure a firewall rule on the hotspot device that only allows access for the reserved IP addresses.


You could also use the DHCP server built into the device to issue the reserved IP addresses on a new "guest" subnet seperate from your normal user LAN if that would make control easier.

If your users do not have privilege to allocate static addresses to their NICs then they cannot steal a guest DHCP assigned address, so the reserved IP address is just about secure as a MAC address for this purpose.