Block new, unknown clients from connecting to network by default

Mike_Tj
Conversationalist

How does one by default block new, unknown clients from connecting to a network?

I'd swear that I had done so previously by creating a default profile with the proper firewall rules and applying that to the SSIDs (or was it VLANs? ... something changed...). I would then be contacted by individuals attempting to connect to the network and could change their profile to allow connection, if appropriate.

At some point, however, Meraki did something that made this not work - I've had users connect without my approval/blessing - likely due to, say, Apple credential sharing.

I would be delighted to block - by default - unknown clients by SSID, VLAN, or even physical port, if possible.

From a security standpoint, this would be very useful.

What am I no longer understanding?

 

Kind regards,

Michael

3 Replies
ww
Kind of a big deal

You could use authentication, like 802.1X.

The other option is to use the firewall to block all traffic, and then allow specific clients using the group policy. https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...

GIdenJoe
Kind of a big deal

For wireless you could set the VLAN of an SSID to a VLAN that has no connection to the rest of the network or the internet or both. And then manually assign group policies to clients that are allowed by putting them in another VLAN that has the required access.
For switching you would need to deploy EAP/802.1X to achieve something similar.
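
The quarantine-VLAN plus group-policy approach from the two replies above, sketched as an added example that is not part of the original thread: it compares a client list against an approval list, builds the request body for assigning the access policy to approved clients, and flags unapproved clients seen outside the quarantine VLAN. The VLAN id, group policy id, client records and names are constructed assumptions, and the body shape is assumed to follow the Meraki Dashboard API v1 "provision network clients" call (`POST /networks/{networkId}/clients/provision`).

```python
import re

QUARANTINE_VLAN = "999"      # assumption: isolated VLAN the SSID places every client in
APPROVED_POLICY_ID = "101"   # assumption: id of the group policy that grants real access

def normalize_mac(mac):
    """Return a MAC as lowercase colon-separated hex; raise ValueError if malformed."""
    digits = re.sub(r"[:.\-\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(clients, approved):
    """Return (to_provision, violations).

    to_provision: approved clients still sitting in the quarantine VLAN.
    violations:   unapproved clients observed on any other VLAN.
    """
    allow = {normalize_mac(m): name for m, name in approved.items()}
    to_provision, violations = [], []
    for c in clients:
        mac = normalize_mac(c["mac"])
        quarantined = str(c.get("vlan")) == QUARANTINE_VLAN
        if mac in allow and quarantined:
            to_provision.append({"mac": mac, "name": allow[mac]})
        elif mac not in allow and not quarantined:
            violations.append({"mac": mac, "ssid": c.get("ssid"), "vlan": str(c.get("vlan"))})
    return to_provision, violations

def provision_body(to_provision):
    """Request body that assigns the access group policy to the approved clients."""
    return {"clients": to_provision, "devicePolicy": "Group policy",
            "groupPolicyId": APPROVED_POLICY_ID}

# Constructed sample data (not taken from any real network).
SAMPLE_CLIENTS = [
    {"mac": "AA-BB-CC-00-00-01", "ssid": "Corp", "vlan": "999"},  # approved, still quarantined
    {"mac": "aa:bb:cc:00:00:02", "ssid": "Corp", "vlan": "10"},   # approved, already moved
    {"mac": "aabb.cc00.0003", "ssid": "Corp", "vlan": "10"},      # unapproved, outside quarantine
    {"mac": "aa:bb:cc:00:00:04", "ssid": "Corp", "vlan": "999"},  # unapproved, contained
]
APPROVED = {"aa:bb:cc:00:00:01": "front-desk-laptop", "AA:BB:CC:00:00:02": "printer"}

if __name__ == "__main__":
    pending, bad = audit(SAMPLE_CLIENTS, APPROVED)
    print("provision:", provision_body(pending))
    for v in bad:
        print("UNAPPROVED outside quarantine:", v)
```

A policy assigned this way identifies a client only by its MAC address, which a device can change or randomize; 802.1X, as both replies mention, authenticates the client instead.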

Mike_Tj
Conversationalist

Thank you for the suggestions!
