Top Blocked Sites by URL - Identify the User who has tried to access the blocked / restricted page

Electra
Just browsing

Hi, I have looked through the topics and am trying to identify a user who has tried to access a blocked URL, i.e. xxx on SSID, so we can potentially block this user on all sites.

I can see access attempts to x URL (Category) and how many times, but would like to find out the user identity. (This is taken from the Organisation > Summary report.)

Thanks Chris

Jonathan-S
Meraki Employee

Hi Chris,

 

Since you had mentioned an SSID, is my assumption that you are leveraging a Cisco Meraki MR wireless access point correct here? If so, which model(s) are you currently using within your Organization?

 

Additionally, are you leveraging any other Cisco Meraki gear within your network(s)?

 

Thanks!

Jonathan

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
Electra
Just browsing

Hi, thank you for your reply. Yes, we have MR33, MR42, MR52, with MX67, MX100, MX250.

Jonathan-S
Meraki Employee

Hi Chris,

 

Thank you for supplying that additional information.

 

Starting with our new Wi-Fi 6 MR APs, when leveraging Layer 7 block rules for specific (NBAR) categories, you can view instances of these blocks from within the Event Log, including the specific wireless client that attempted to access a given blocked category of websites. Since the MR models that you mentioned are from our Wi-Fi 5 (Wave 2) line, we unfortunately would not be able to leverage this option at this time. It is also important to note that these Event Log entries would only trigger when blocking by website category and would not work for, say, a custom Layer 7 HTTP hostname definition.

 

If, however, you are leveraging the "Advanced Security" or "SD-WAN Plus" MX licensing tier on your MXes, you may still be able to achieve what you are after here by configuring Content Filtering rules on the MX. You would see Event Log entries when these rules are triggered, including the specific client that was attempting to access the blocked website and/or blocked category. The use of Group Policies from within your Meraki Dashboard Network would allow for granularity of these rules as needed. Finally, do note that leveraging the Content Filtering features of the MX would require that the downstream SSID(s) in question are configured in bridge mode ("External DHCP server assigned") as "NAT mode" would simply report the downstream MR AP as the client as opposed to the actual wireless end-client.

 

I hope this helps explain your options a bit. Feel free to call into our 24/7 Enterprise Support hotline if you need further assistance with any of these configurations.

 

Jonathan
