Limit connection to a SSID / VLAN for clients enrolled in MDM only

Solved
Decaone
Conversationalist

Hello,
I've been looking around Google and this forum, and I did not find answers to my question.

(maybe I've been using the wrong keywords)

Is it possible to limit the connection to a specific SSID or VLAN to clients enrolled in our MDM?

Example: I have a guest wifi and an office wifi. People with a computer can get the office wifi password from the computer, and use it on their mobile phones.
All the company computers are enrolled in Meraki MDM. Is there a way to limit the connection to the SSID or VLAN to those computers present in the MDM only?

If this has been already asked, I hope I can be redirected to the solution.

Thank you already.

Best

1 Accepted Solution
GreenMan
Meraki Employee

So you have Meraki WiFi (APs) and the computers are under Systems Manager MDM?
You should be able to use Sentry WiFi with X.509 certs (better than shared keys):

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Configuring_EAP-TLS_W...

Trusted Access, as mentioned above, works in a similar way but without taking the device under SM management - which is much preferable for Bring Your Own Device scenarios. You still need Systems Manager licences for those 'own Devices' though.

Mloraditch
A model citizen

For wireless I think you are looking for this:

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Trusted_Access_for_Se...

At the wired VLAN level, I'm not aware of a built-in solution; you'd need to use a RADIUS server like ISE.

Decaone
Conversationalist

That's exactly what I was looking for.

I added a tag to the wifi access and assigned it to computers.

It works perfectly on Mac, but on Windows it keeps asking for a User and Password.

I guess I need to push a certificate to the Windows machines.

EDIT: it was just enough to wait for the profile to install on the Windows machine.

Decaone
Conversationalist

Do you know if there is any similar option for cabled clients?

I'm looking around into VLAN options but I am not sure I'm in the right place...

Thanks!

Valerio

Decaone
Conversationalist

Thank you for replying.

The configuration allows me to add trusted users, but I am looking for a way to add "trusted devices" in an automatic way (without configuring the access using MAC address).

The best would be that the computer checks in with Meraki MDM when connecting to the wifi.
Weird stuff, I know 🙂

Looks like there's no such option though.
I might need to look into a RADIUS server.

 
