Port ACL / MAC filter

Solved
Davidc2478

Hello all, please forgive me if this is a stupid question. I'm still learning my way around. I did some searching but still feel like I don't understand. I was tasked with configuring a Meraki MX68W. 2 users will connect directly to ports, 3 users will connect wirelessly.

I would like to lock down physical ports only to MACs that I allow. If Joe Schmo tries to plug in, he will get blocked. Is this a firewall setting or am I missing an Access Control setting somewhere?

I also would like to do the same thing with the wireless SSID I created. I don't have a RADIUS server. My setup is simple, I think.

I was hoping for a simple solution of entering allowed MACs and if someone isn't on the list, they just don't get in.

Can someone please guide me in the right direction?

1 Accepted Solution
ww

What you can do is block all traffic at the network firewall level. And then whitelist or assign a specific group policy to the clients that need access to the network.

Davidc2478

In further reading I guess I could disable unused ports. I also did see I can set a port as Trunk or Access. But it seems like this will require a RADIUS server to compare against.

I'm still trying to figure out wireless. I'm already hiding SSID broadcast but am stuck at my original post.

ww

What you can do is block all traffic at the network firewall level. And then whitelist or assign a specific group policy to the clients that need access to the network.

OK, I see what you're saying... If there is a template applied to other Merakis, and I go to Network-wide to create a group policy for my network (which is not under any template), will this affect other Merakis? I'm just trying to be cautious so I don't break other things lol

OK, maybe I have this down. Here are my steps. Can someone please confirm?

1. Make sure I'm under the Network I created

2. Go to Security & SD WAN - Firewall

3. Add rule Deny Any Any

4. Go to Network-Wide - Clients

5. Add Clients to: Allowed List

Does this look right?

ww
Kind of a big deal
Kind of a big deal

I would whitelist them first. Then deny any any

Interesting thing, it kind of worked.

It blocked an unauthorized user from outside network access but I was hoping to block internal network access as well.

I had to create an L7 rule that blocked my entire network to somewhat achieve what I wanted. Of course making sure my authorized users are getting my Allow group policy.

I guess it'll do for the needs I have. Thanks.

Did you ever get a definitive solution that worked reliably? I am needing to do the same thing and I am also unfamiliar with the dashboard.

I saw your steps and I don't have a "Security and SD Wan" - Firewall setting in my menus? Can you give me more detail on the steps you followed?

Thanks for any help you can give me.

Hey there, sticking with the steps I did was good enough.

I go to Network to make sure I'm on the correct group. Then below that I have access to Security and SD Wan.

If you don't see it, you might not have rights? If you see Appliance Status then you know you're in the right place.

I appreciate the info, can you look at my steps and see if they will work?
