Meraki

Community

MAC Filtering Devices Plugged In To A MX.

Solved
rconiv
Getting noticed
‎Aug 30 2021 1:36 PM
‎Aug 30 2021 1:36 PM

MAC Filtering Devices Plugged In To A MX.

Is it possible to setup something on the MX (we have MX64s and Z3) where anything except for the computer with a specific MAC address won't be able to do anything when plugged in to the VPN box?  I would suspect this would be a basic security feature.  That or is it something that has to be done on our MX100's? 

 

I found a fair number of articles, but most were about IP blocking, not MAC address.  If it can be done, is there documentation somewhere that shows the steps in the Meraki dashboard on how to do this?

Labels:
0 Kudos
1 Accepted Solution
ww
Kind of a big deal
Kind of a big deal
‎Aug 30 2021 2:36 PM
‎Aug 30 2021 2:36 PM

https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X)

View solution in original post

0 Kudos
6 Replies 6
Bruce
Kind of a big deal
‎Aug 30 2021 2:21 PM
‎Aug 30 2021 2:21 PM

I can’t think of a document that shows how to do this, or whether you can do this with an MX. The closest I think you’ll be able to get it to configure Layer 3 firewalls to deny everything, then create a Group Policy to override the defaults and apply it to the client(s) you want to have access - the Group Policy is associated with the MAC address. It’s not going to be perfect, but should be a start.

0 Kudos
ww
Kind of a big deal
Kind of a big deal
‎Aug 30 2021 2:36 PM
‎Aug 30 2021 2:36 PM

https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X)

0 Kudos
In response to ww
rconiv
Getting noticed
‎Aug 30 2021 2:43 PM
‎Aug 30 2021 2:43 PM

ww, your link comes up as page not found, though guessing it is this one.  MX Access Policies (802.1X) - Cisco Meraki

 

Is there any way to do the MAC filtering without a Radius server?

0 Kudos
In response to rconiv
ww
Kind of a big deal
Kind of a big deal
‎Aug 30 2021 3:09 PM
‎Aug 30 2021 3:09 PM

You need a radius for the port auth. The other option is described  by @Bruce 

0 Kudos
KarstenI
Kind of a big deal
Kind of a big deal
‎Aug 30 2021 3:07 PM
‎Aug 30 2021 3:07 PM

And always be aware that a MAC address can easily be changed so this is not really a "basic security feature", it's more a manageability feature.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to KarstenI
rconiv
Getting noticed
‎Aug 30 2021 3:10 PM
‎Aug 30 2021 3:10 PM

@KarstenI Not as easily as it used to be, but yes I am aware of that.  This is more so for people that go ooh I have a hub now, let me just plug in to this with my personal laptop and get on the internet.

 

Wonder why this isn't something you can just do in the firewall rules where you can just say I want to allow these MAC addresses and nothing more, and not have to go through the process that @Bruce  posted.

0 Kudos
li.common.scroll-to.top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.