Hello all, please forgive me if this is a stupid question. I'm still learning my way around. I did some searching but still feel like I don't understand. I was tasked with configuring a Meraki MX68W. 2 users will connect directly to ports, 3 users will connect wirelessly.
I would like to lock down physical ports only to MACs that I allow. If Joe Schmo tries to plug in, he will get blocked. Is this a firewall setting or am I missing an Access Control setting somewhere?
I also would like to do the same thing with the wireless SSID I created. I don't have a Radius server. My setup is simple, I think.
I was hoping for a simple solution of entering allowed MACs and if someone isn't on the list, they just don't get in.
Can someone please guide me in the right direction?
In further reading I guess I could disable unused ports. I also did see I can set a port as Trunk or Access. But seems like this will require a Radius server to compare against.
I'm still trying to figure out wireless. I'm already hiding SSID broadcast but am stuck at my original post.
What you can do is block all traffic at network firewall level. And then whitelist or assign a specific group policy to the clients that need access to the network
OK, I see what you're saying... if there is a template applied to other Merakis, and I go to Network-wide to create a group policy for my network (which is not under any template), will this affect other Merakis? I'm just trying to be cautious I don't break other things lol
OK, maybe I have this down. Here are my steps. Can someone please confirm?
1. Make sure I'm under the Network I created
2. Go to Security & SD WAN - Firewall
3. Add rule Deny Any Any
4. Go to Network-Wide - Clients
5. Add Clients to : Allowed List
Does this look right?
I would whitelist them first. Then deny any any
Interesting thing, it kind of worked.
It blocked an unauthorized user from outside network access but I was hoping to block internal network access as well.
I had to create a L7 rule that blocked my entire network to somewhat achieve what I wanted. Of course making sure my authorized users are getting my Allow group policy.
I guess it'll do for the needs I have. Thanks.
Did you ever get a definitive solution that worked reliably? I am needing to do the same thing and I am also unfamiliar with the dashboard.
I saw your steps and I don't have a "Security and SD Wan" - Firewall setting in my menus? Can you give me more detail on the steps you followed?
Thanks for any help you can give me.
Hey there, sticking with the steps I did was good enough.
I go to Network to make sure I'm on the correct group. Then below that I have access to Security and SD Wan.
If you don't see it, you might not have rights? If you see Appliance Status then you know you're in the right place.
I appreciate the info, can you look at my steps and see if they will work?