Hi friends,
I´m new on Meraki World, and i have the follow questions, can you help me?
Tks !
If you use an Aironet AP then you can configure it to do 802.1x authentication. It can not do content filtering. You would need something else like a Meraki MX.
If you use a Meraki AP you can also configure 802.1x authentication. It can do very basic content filtering. You would really be wanting to use a Meraki MX if you wanted to do content filtering.
You need to enable a VLAN for splash authentication before you can configure a splash page. Note you don't usually use splash pages with active directory for content filtering. You can use just active directory or just splash pages (I think the features are mutually exclusive, using one disables the other).
I don't know how large you can make the blocked URL patterns.
SSL decryption is a pain in the neck because of the requirement to put certificates on every client behind the device. Meraki can still inspect the URL being visited in an SSL conversation, so can still perform content filtering on SSL connections.
Tks PhilipDAth,
I have some doubts yet:
If you use an Aironet AP then you can configure it to do 802.1x authentication. It can not do content filtering. You would need something else like a Meraki MX.
If you use a Meraki AP you can also configure 802.1x authentication. It can do very basic content filtering. You would really be wanting to use a Meraki MX if you wanted to do content filtering.
Supose that for both cases i have the Meraki MX to content filter, after radius authentication is it possible to apply the rules based on user of active directory and your respective policy on contente filter?? even the clients is not a member of respecitive domain (ad) , for example a celphone ?
SSL decryption is a pain in the neck because of the requirement to put certificates on every client behind the device. Meraki can still inspect the URL being visited in an SSL conversation, so can still perform content filtering on SSL connections.
But is it possible to insert response page block ? About SSL filter, this occur only based on URL or domain name?
TKS Again!!
You will be able to apply content filtering either way - but the MX must be able to see the client at layer 2 - in other words, the MX should be the default gateway for the client.
If the connection is 100% SSL from the start, the user will simply get blocked with no response page, and there is nothing that can be done about that.
If the connection starts on as http then the user will get a response page saying it has been blocked.
but even if the device is not a member of the domain (for example a cell phone), when it authenticates on the wifi network through the radius, Meraki will be able to apply the rules based on the user of AD? Or just based on the IP Address?
Tks
You can use the RADIUS filter-id attribute to apply a Meraki group policy to clients that auth through RADIUS. When you do this, clients that are not bound to AD can still be placed in the appropriate group policy for content filtering (and anything else you configure on the group policy).
Tks Mrcur.
Do you have any tutorial or guide that i can follow to implement?
Tks
TKS friends, i'm trying radius for ad based group policies , using ap Aruba but its not working.
Does anyone get success using a non meraki ap? Or It is possible just using Ap Meraki?
Tks
What part isn't working? You'll have to provide a bit more info to get some help.