MAC Filtering Devices Plugged In To A MX.

SOLVED
rconiv
Here to help

Is it possible to set up something on the MX (we have MX64s and Z3) where anything except for the computer with a specific MAC address won't be able to do anything when plugged in to the VPN box? I would suspect this would be a basic security feature. That or is it something that has to be done on our MX100s?

I found a fair number of articles, but most were about IP blocking, not MAC address. If it can be done, is there documentation somewhere that shows the steps in the Meraki dashboard on how to do this?

Bruce
Kind of a big deal

I can’t think of a document that shows how to do this, or whether you can do this with an MX. The closest I think you’ll be able to get is to configure Layer 3 firewalls to deny everything, then create a Group Policy to override the defaults and apply it to the client(s) you want to have access - the Group Policy is associated with the MAC address. It’s not going to be perfect, but should be a start.

ww
Kind of a big deal
rconiv
Here to help

ww, your link comes up as page not found, though guessing it is this one: MX Access Policies (802.1X) - Cisco Meraki

Is there any way to do the MAC filtering without a RADIUS server?

ww
Kind of a big deal

You need a RADIUS for the port auth. The other option is described by @Bruce.

KarstenI
Kind of a big deal

And always be aware that a MAC address can easily be changed so this is not really a "basic security feature", it's more a manageability feature.

@KarstenI Not as easily as it used to be, but yes, I am aware of that. This is more so for people that go "ooh, I have a hub now, let me just plug in to this with my personal laptop and get on the internet."

Wonder why this isn't something you can just do in the firewall rules where you can just say I want to allow these MAC addresses and nothing more, and not have to go through the process that @Bruce posted.
