Wireless sensor networks (WSNs) are a promising technology for several industrial and quotidian applications. IPv6 is the most consensual solution to connect such networks to the Internet, and 6LoWPAN is the adaptation layer to run IPv6 over WSNs. Self-organization and self-configuration are key characteristics of WSN because they minimize the network configuration efforts and simultaneously increase the network robustness but they can also be exploited to perform security attacks. This paper proposes a network admission control solution for 6LoWPAN WSN that prevents unauthorized nodes from using the network to communicate either with the legitimate nodes and with the Internet, reducing in this way the security attacks that can be performed. The proposed solution includes node presence detection and authentication, administrative node authorization, and data filtering to discard frames from/to unauthorized nodes. It uses the standard 6LoWPAN neighbor discovery and RPL protocols, minimizing the number of additional required control messages. It includes cryptographic mechanisms, based on the AES symmetric key algorithm, to guarantee node authenticity and integrity, source authenticity, and data freshness of data frames. This paper also presents the design and deployment of a laboratory testbed validating the proposed network admission control solution.