Dashboard Configuration Sync

ZachM90
Comes here often

Hello, I'm running into an issue when trying to use Configuration Sync. To briefly summarize our configuration, we're only using Meraki for our wireless solution. All networks that have been created have been created using two different templates. All networks are marked as wireless and not combined.

We have a need to whitelist certain clients per SSID and want to sync that whitelist to all networks under a single template. When I navigate to Organization -> Configuration Sync I'm only given the option to select the template as the source network and my only option under target network is set to All.

When filling out those requirements the page updates but does not give me the option to copy over any configuration from source to destination. (See Screenshot below for clarity). I guess I'm looking for some advice on what I'm doing wrong or if there is a better way to copy a whitelist from one network to another. Thank you.

 

Capture.JPG

PhilipDAth
Kind of a big deal

You should consider using Configuration Templates instead.

https://documentation.meraki.com/zGeneral_Administration/Templates_and_Config_Sync/Managing_Multiple...

 

The MR Configuration Sync tool almost feels like it has been abandoned to me.  I don't think any development has been done on it in ages.

Thanks for the reply Philip, all of our branch networks are bound to a single template but the issue here seems to be that you can only whitelist clients under a specific network, not the template itself. So initially the whitelist is only applied to network A and no other networks in that template. That's where I was hoping the configuration sync tool would come into play but as my original post indicated that doesn't seem to be working. 

 

Do you know of a way to whitelist devices within a template so that it would push out to all networks bound to that template?

PhilipDAth
Kind of a big deal

A client only exists under a network.  It makes no sense to whitelist a client in a template.

 

Are you trying to handle the case where a client roams from one site to another site? If so, you should be using RADIUS and assigning group policy that way.

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_...

You use the "Filter-Id" attribute.

What we have is a guest SSID that we broadcast at all of our branches. For certain clients that connect to this SSID, we whitelist their MAC so they can skip authentication. We want to sync this whitelist to all branches so no matter which branch the whitelisted client is at, they'll pass through instead of authenticating. 

 

I found the following:

Note: If a device is whitelisted in a network that is bound to a template, that client will be whitelisted on all other networks bound to that template. Conversely, if the client is removed from the whitelist on one bound network, it will also be removed from the whitelist on all others.

 

Source:

https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Blocking_and_Whitelisting_Client...

 

Based on that it should be standard behavior if all your networks are making use of the same template.

Thanks Brecht, I saw that note as well. So far it seems that may not be the case, we have added some clients to a whitelist in Network A and you can filter to show them as "Clients with a policy." but when you move over to Network B under the same template you do not see those clients.

 

What I'm curious to test is if we have that client added to Network A actually connect to the SSID at network B and that'll populate them in the client list with the applied policy.

 

Appreciate the replies!

 

Zach

pjc
A model citizen

@ZachM90 

 

Hi Zach,

 

Did you get anywhere with this? We've got the exact problem, where we have on our guest network (PSK not RADIUS) a need to whitelist clients (assign to a group policy) to not show the splash screen, and since we are moving from Dashboard Networks (with all of our APs in) to configuration templates (as best practice for AutoRF), we are not able to whitelist clients in a template. I don't want to whitelist clients in 120 separate networks... presumably you got the same error as I did when trying to whitelist in a configuration template

 

error.png

Did anyone find a solution to this? We have the exact same scenario and would like to know how to apply whitelists globally rather than on every single network. I can't believe this isn't a standard feature of a business class system.

pjc
A model citizen

@Tina Hi, if you are trying to add clients to a group policy you have created in the same way I am trying to do (see my post above), then no, there's no solution other than to use API scripts.

 

However, if you just want to whitelist clients across multiple networks (no splash screen, no bandwidth limitations etc.) then you can use the configuration sync between networks... e.g. add the whitelisted client's MAC address to be whitelisted in one network, and then sync all or selected target networks from your source network, as below

 

test.png
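
The "API scripts" route mentioned in the reply above, sketched as an added example that is not part of the original thread or Meraki's own code: it validates a MAC allowlist and builds one Dashboard API v1 `clients/provision` request per network bound to a template, printing them as a dry run unless explicitly told to apply. The function names, network and template IDs, and the MAC are constructed, and the endpoint path and the `"Allowed"` policy value are assumptions to confirm against the current Dashboard API reference.

```python
import json
import os
import re
import urllib.request

BASE = "https://api.meraki.com/api/v1"  # Dashboard API v1 base URL (assumed)
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")

def normalize_mac(mac):
    """Lower-case, colon-separated MAC; raises ValueError on anything else."""
    m = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(m):
        raise ValueError(f"not a MAC address: {mac!r}")
    return m

def build_requests(networks, template_id, allowlist):
    """One clients/provision request per network bound to template_id."""
    clients, seen = [], set()
    for name, mac in allowlist:
        m = normalize_mac(mac)
        if m not in seen:  # drop duplicate entries
            seen.add(m)
            clients.append({"mac": m, "name": name})
    body = {"clients": clients, "devicePolicy": "Allowed"}
    return [(f"/networks/{n['id']}/clients/provision", body)
            for n in networks if n.get("configTemplateId") == template_id]

def send(path, body, api_key):
    """POST one request to the Dashboard API (only used outside dry-run)."""
    req = urllib.request.Request(
        BASE + path, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status

# Constructed sample data: two networks bound to template T_1, one unbound.
# In real use this list would come from GET /organizations/{organizationId}/networks.
NETWORKS = [{"id": "N_1", "configTemplateId": "T_1"},
            {"id": "N_2", "configTemplateId": "T_1"},
            {"id": "N_3"}]
ALLOWLIST = [("kiosk-1", "AA-BB-CC-00-11-22"), ("kiosk-1", "aa:bb:cc:00:11:22")]

if __name__ == "__main__":
    key = os.environ.get("MERAKI_API_KEY")  # unset means dry-run
    for path, body in build_requests(NETWORKS, "T_1", ALLOWLIST):
        print("POST", path, json.dumps(body))
        if key and os.environ.get("APPLY") == "1":
            print("status", send(path, body, key))
```

Keeping the allowlist in one reviewed file and running the dry run first gives an audit trail for every MAC that is allowed to skip the splash page.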
