AP Ruckus MAC ACL to AP Meraki

WARLAIN
New here


I have a scenario where we're migrating from a Ruckus AP to a Meraki AP. The issue is that the Ruckus AP has an ACL set up to allow specific devices based on their MAC addresses from a local list—not via RADIUS. I'm trying to replicate this on Meraki but can't find the option. I went to Client > Add Devices > Allow List, but it didn't work, and several devices that shouldn't have connected have already joined that network.

Does Meraki not have that option? Is it only possible via a MAC-based ACL?

alemabrahao
Kind of a big deal

Meraki does have that limitation. Unfortunately, to restrict access via MAC address, you need a RADIUS server.

https://documentation.meraki.com/Wireless/Design_and_Configure/Deployment_Guides/MAC-Based_Access_Co...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
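As an added example (not part of the thread or of Meraki's documentation): a short Python script that takes a locally maintained MAC allow list, such as the one kept on the old AP, and renders it as FreeRADIUS `users` entries for the RADIUS-based approach described in the reply above. The sample list is constructed, and the credential format (MAC as both username and password, lowercase hex without separators) is an assumption to verify against the linked Meraki guide.

```python
import re

# Constructed sample of a hand-maintained MAC allow list (not from the thread),
# with the mixed notations, duplicates and typos such lists tend to collect.
SAMPLE_LIST = """\
# warehouse scanners
00:1A:2B:3C:4D:5E
00-1a-2b-3c-4d-5f
001a.2b3c.4d60
00:1A:2B:3C:4D:5E
DA:A1:19:00:00:01
00:1A:2B:3C:4D
"""

HEX12 = re.compile(r"[0-9a-f]{12}")

def normalize(mac):
    """Return 12 lowercase hex digits, or None if the entry is not a MAC."""
    bare = re.sub(r"[:.\-\s]", "", mac).lower()
    return bare if HEX12.fullmatch(bare) else None

def is_locally_administered(mac12):
    """True when the U/L bit is set, as it is on randomized (private) MACs."""
    return bool(int(mac12[:2], 16) & 0x02)

def convert(text):
    """Split a MAC list into accepted, rejected and locally administered entries."""
    accepted, rejected, local = [], [], []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not entry:
            continue
        mac = normalize(entry)
        if mac is None:
            rejected.append(entry)              # truncated or malformed entry
        elif mac not in accepted:               # skip duplicates
            accepted.append(mac)
            if is_locally_administered(mac):
                local.append(mac)
    return accepted, rejected, local

def freeradius_users(macs):
    """Render FreeRADIUS 'users' file lines (assumed format: MAC as user and password)."""
    return "".join(f'{m} Cleartext-Password := "{m}"\n' for m in macs)

if __name__ == "__main__":
    ok, bad, local = convert(SAMPLE_LIST)
    print(freeradius_users(ok), end="")
    print("rejected:", bad)
    print("locally administered (possibly randomized, verify before relying on it):", local)
```

Entries flagged as locally administered deserve a manual check during the migration, since a client that changes its MAC will no longer match the list.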
alemabrahao
Kind of a big deal

The block and allow list is for a different purpose and I believe it won't meet your needs.

https://documentation.meraki.com/Platform_Management/Dashboard_Administration/Operate_and_Maintain/H...

PhilipDAth
Kind of a big deal

Meraki group policies are applied based on MAC address.

https://documentation.meraki.com/Platform_Management/Dashboard_Administration/Operate_and_Maintain/H...

It sounds like what you want to do is create a WiFi firewall rule to "deny all", and then apply a group policy to each client to override that firewall policy. The "Allow List" is an example of a built-in group policy that overrides firewall rules for that client, allowing it access.

More info about WiFi firewall rules.

https://documentation.meraki.com/Wireless/Operate_and_Maintain/How_Tos/Firewall_and_Traffic_Shaping/...

alemabrahao
Kind of a big deal

It's not the same thing. This way is a possibility, but I think that it's more painful.

alemabrahao
Kind of a big deal

Just to clarify, the method you're suggesting doesn't prevent the client from associating with the SSID; it only blocks browsing.

This still presents a security risk because the client will still be receiving an IP address, allowing it to scan the network.

I don't know if you've done this before, but what he actually wants is to implement MAC address filtering, so only clients on the list will be allowed to associate with the SSID.
