Meraki

framosCTLink · ‎Nov 20 2019

Hi,

I did a research about hotspot within Meraki Community but could find one.

I was able to discover clients/BYOD or any device capable of providing Hotspot sharing access for the internet.

will MX be able to identify clients behind a laptop or mobile sharing access? lets say be visible on the dashboard? I did choose track by IP address but still couldn't see clients.

Franco Ramos

jdsilva · ‎Nov 20 2019

Hey @framosCTLink ,

Generally speaking, no you won't be able to track this. Most hotspots that I've seen run their own DHCP server and NAT the clients that are connected to the hotspot. Because of this the MX will think all traffic comes from the hotspot device itself.

What is your concern here? Perhaps there's another way to address the problem you have?

http://blog.brokennetwork.ca |

@jdsilva

framosCTLink · ‎Nov 20 2019

@jdsilva thank you so much!

main concern for this is that even though rules are being applied for that hotspot capable device. connected users use VPN to bypass meraki rules/blocking... maybe perhaps manually checking the client traffic, right?

Franco Ramos

BrechtSchamp · ‎Nov 20 2019

So you're talking about a client that's wired to the network and sharing it's connection with another device over an ad-hoc wireless network of the other way around?

I think there are multiple ways that sharing can take place.

If it's based on Internet Connection Sharing the host performs NAT, so it's hard or sometimes impossible to detect because all guest traffic appears to be coming from the host. Blocking that functionality on the endpoint would be the way to proceed.

If it's using connection bridging, then the guests would appear as separate clients with their own MAC addresses and get their own IP addresses. That can be detected and mitigated by implementing 802.1X or sticky MAC whitelists.

Meraki

Community

Client monitoring and control with Hotspot enabled

Client monitoring and control with Hotspot enabled