Doubts about MX devices

crusier

Hi friends,

 

I'm new to the Meraki world, and I have the following questions. Can you help me?

 

  • Is it possible to use a non-Meraki AP (for example Aironet), using RADIUS to authenticate the clients, and do the content filter policies based on AD group work, even if the device is not registered in AD (for example phone, tablet, etc.)?
  • And if I use a Meraki AP, do RADIUS authentication of the clients and the content filter policies based on AD group work, even if the device is not registered in AD (for example phone, tablet, etc.)?
  • I have only the Advanced Security license on the MX device, and I can't find where I can customize the splash page. Do I need an Enterprise license to customize it?
  • How many sites can I insert in "blocked URL patterns" inside "group policies"?
  • Is it true that SSL decryption is not available on Meraki devices?

 

Tks ! 

PhilipDAth

If you use an Aironet AP then you can configure it to do 802.1x authentication.  It can not do content filtering.  You would need something else like a Meraki MX.

 

If you use a Meraki AP you can also configure 802.1x authentication.  It can do very basic content filtering. You would really be wanting to use a Meraki MX if you wanted to do content filtering.

 

You need to enable a VLAN for splash authentication before you can configure a splash page.  Note you don't usually use splash pages with active directory for content filtering.  You can use just active directory or just splash pages (I think the features are mutually exclusive, using one disables the other).

https://documentation.meraki.com/MX-Z/Group_Policies_and_Blacklisting/Integrating_Active_Directory_w...

 

I don't know how large you can make the blocked URL patterns.

 

SSL decryption is a pain in the neck because of the requirement to put certificates on every client behind the device.  Meraki can still inspect the URL being visited in an SSL conversation, so can still perform content filtering on SSL connections.

 

 
Tks PhilipDAth,
 
I still have some doubts:
 
If you use an Aironet AP then you can configure it to do 802.1x authentication.  It can not do content filtering.  You would need something else like a Meraki MX.
If you use a Meraki AP you can also configure 802.1x authentication.  It can do very basic content filtering. You would really be wanting to use a Meraki MX if you wanted to do content filtering.
      Suppose that in both cases I have the Meraki MX for content filtering. After RADIUS authentication, is it possible to apply the rules based on the Active Directory user and their respective content filter policy, even if the client is not a member of the respective domain (AD), for example a cell phone?
 
SSL decryption is a pain in the neck because of the requirement to put certificates on every client behind the device.  Meraki can still inspect the URL being visited in an SSL conversation, so can still perform content filtering on SSL connections.
   But is it possible to insert a block response page? About the SSL filter, does this occur only based on URL or domain name?
 
TKS Again!!
 
 
 

PhilipDAth

You will be able to apply content filtering either way - but the MX must be able to see the client at layer 2 - in other words, the MX should be the default gateway for the client.

 

If the connection is 100% SSL from the start, the user will simply get blocked with no response page, and there is nothing that can be done about that.

If the connection starts out as HTTP then the user will get a response page saying it has been blocked.

But even if the device is not a member of the domain (for example a cell phone), when it authenticates on the Wi-Fi network through RADIUS, will Meraki be able to apply the rules based on the AD user? Or just based on the IP address?

 

Tks

MRCUR

You can use the RADIUS filter-id attribute to apply a Meraki group policy to clients that auth through RADIUS. When you do this, clients that are not bound to AD can still be placed in the appropriate group policy for content filtering (and anything else you configure on the group policy). 

MRCUR | CMNO #12
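
Added example, not part of the original replies and not Meraki code: a Python sketch for checking whether a captured RADIUS Access-Accept actually carries the Filter-Id attribute described above (attribute type 11 in RFC 2865) and whether its Response Authenticator matches the shared secret. The packet, shared secret and policy name `Staff-Filtered` are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2   # RADIUS code for Access-Accept (RFC 2865)
FILTER_ID = 11      # Filter-Id attribute type (RFC 2865)
REPLY_MESSAGE = 18  # Reply-Message attribute type (RFC 2865)

def build_accept(ident, request_auth, secret, attrs):
    """Build a constructed Access-Accept; in production the RADIUS server does this."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    return header + hashlib.md5(header + request_auth + body + secret).digest() + body

def parse_attributes(packet):
    """Return (code, [(type, value), ...]), rejecting truncated or malformed packets."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs

def authenticator_ok(packet, request_auth, secret):
    """Recompute the Response Authenticator and compare in constant time."""
    length = struct.unpack("!H", packet[2:4])[0]
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:length] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def filter_ids(packet):
    """Filter-Id values in an Access-Accept; an empty list means no policy name was sent."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return []
    return [v.decode("utf-8", "replace") for t, v in attrs if t == FILTER_ID]

# Constructed sample data (not from a real capture).
SECRET = b"example-shared-secret"
REQ_AUTH = bytes(range(16))
SAMPLE = build_accept(7, REQ_AUTH, SECRET,
                      [(FILTER_ID, b"Staff-Filtered"), (REPLY_MESSAGE, b"welcome")])
NO_POLICY = build_accept(8, REQ_AUTH, SECRET, [(REPLY_MESSAGE, b"welcome")])

if __name__ == "__main__":
    print(filter_ids(SAMPLE), authenticator_ok(SAMPLE, REQ_AUTH, SECRET))
```

An empty result for a client that authenticated successfully means the RADIUS server is not returning a policy name for that user, which is the first thing to rule out when the expected group policy is not applied.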
crusier

Tks Mrcur.

 

Do you have any tutorial or guide that I can follow to implement this?

 

Tks

Tks friends, I'm trying RADIUS for AD-based group policies, using an Aruba AP, but it's not working.

 

Has anyone had success using a non-Meraki AP? Or is it possible only using a Meraki AP?

 

Tks

MRCUR

What part isn't working? You'll have to provide a bit more info to get some help. 

MRCUR | CMNO #12