Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Block new, unkown clients from connecting to network by default

Mike_Tj
Conversationalist
‎Dec 27 2023 3:14 PM
‎Dec 27 2023 3:14 PM

Block new, unkown clients from connecting to network by default

How does one by default block new, unknown clients from connecting to a network?

 

I'd swear that I had done so previously by creating a default profile with the proper firewall rules and applying that to the SSIDs (or was it VLANS? ... something changed...)   I would then be contacted by individuals attempting to connect to the network and could change their profile to allow connection, if appropriate.

 

At some point, however, Meraki did something that made this not work - I've had users connect without my approval/blessing - likely due to, say, Apple credential sharing. 

 

I would be delighted to block - by default - unknown clients by SSID, VLAN, or even physical port, if possible.  

 

From a security standpoint, this would be very useful.

 

What am I no longer understanding?

 

Kind regards,

Michael

0 Kudos
Subscribe
3 Replies 3
ww
Kind of a big deal
Kind of a big deal
‎Dec 28 2023 12:39 AM
‎Dec 28 2023 12:39 AM

You could use authentication, like 802.1x

 

Other option is to use the firewall to block all traffic, and then allow specific clients using the group policy. https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...

Subscribe
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Dec 28 2023 1:15 AM
‎Dec 28 2023 1:15 AM

For wireless you could set the VLAN of an SSID to a VLAN that has no connection to the rest of the network or the internet or both.  And then manually assign group policies to clients that are allowed by putting them in another VLAN that has the required access.
For switching you would need to deploy EAP/802.1X to achieve something similar.

Subscribe
Mike_Tj
Conversationalist
‎Dec 28 2023 8:06 AM
‎Dec 28 2023 8:06 AM

Thank you for the suggestions!

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.