Meraki

Community

Access control for VLAN

jay_b
Getting noticed
‎Apr 27 2022 8:43 AM
‎Apr 27 2022 8:43 AM

Access control for VLAN

Hi all,

 

I am trying to setup access policy for switch port. I hope I am on right place. I've configured to use 3rd party credentials google credentials. 

 

I have configured from Security & SD-Wan > Configure > Access control. There I am using access control with splash page. However, I am not able to see any splash page on device.  Is there any settings need to be done on google side ? I can't seem to find document that shows settings for google.

 

 

 

 

0 Kudos
4 Replies 4
GreenMan
Meraki Employee
Meraki Employee
‎Apr 27 2022 8:52 AM
‎Apr 27 2022 8:52 AM

You mention policies for switch ports - but then say you're configuring the MX..?   (Security & SD-WAN always relates to the MX).   If you're wanting to run 802.1x on your MS switch ports, you want Switch > Configure > Access policies, as per:  https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)

jay_b
Getting noticed
‎Apr 27 2022 9:18 AM
‎Apr 27 2022 9:18 AM

Thank you @GreenMan 

 

Yes for switch ports.

 

Interesting.

 

Under Switch access policy I see only 2 options. Radius and Meraki auth. We don't have Radius. Meraki auth is not secure way. What other options do we have ?

 

0 Kudos
In response to jay_b
GreenMan
Meraki Employee
Meraki Employee
‎Apr 27 2022 10:25 AM
‎Apr 27 2022 10:25 AM

I assume, when you talk about Meraki auth not being secure, you mean MAC Authentication Bypass (MAB)?   I can see why you would say that it's not greatly secure,  (this is not the same as Meraki auth BTW)

What other options were you expecting?    As we are authenticating at Layer-2 on a switch - in order to effectively open the port - options are bound to be limited.

You mentioned you also have MX - it may be possible to police access at that level - maybe something like this:   https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Direc...

But your switch ports would be open access, if that was all you were using.   If you're trying to block client devices 'at source' then switch acces policies are the way, but the options in the document I linked before are the only ones available.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 27 2022 1:44 PM
‎Apr 27 2022 1:44 PM

Switch access policies are another way of saying you want to use 802.1x port authentication.  The entire 802.1x protocol is built on the concept of using RADIUS.  It's fundamental.

 

Meraki makes it easier by effectively providing a RADIUS server for you to use with Meraki Authentication, otherwise, you'll need to stick to the standard - and put in a RADIUS server.

 

You can get free RADIUS servers, like Free Radius.

https://freeradius.org/ 

There are also cloud-based RADIUS servers, like Jump Cloud.

https://jumpcloud.com/lp/cloud-radius-beansprout 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.