Meraki - alert when previously unseen device connects to the network

SOLVED
lpopejoy
Building a reputation

I understand that "previously unseen" may mean "previously unseen in the last 30 days", but at any rate... does anyone know of a magical way to achieve this?

I'm working on security assessment, and that is one of the objectives...

1 ACCEPTED SOLUTION

PhilipDAth
Kind of a big deal

Re: Meraki - alert when previously unseen device connects to the network

Have you considered going the other way, and using something like wired 802.1x to only allow authorised devices to connect?

https://documentation.meraki.com/MX/Access_Control_and_Splash_Page/MX_Access_Policies_(802.1X) 

If you have a Meraki MS switch - it's better to do it there.

https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)

802.1x can be complicated to set up. If you are a smaller organisation and want something simpler, create a firewall that does a "deny any any" - blocking everything. Then create a group policy called "authorised" which overrides this rule granting access. Then apply the "authorised" group policy to those clients allowed to connect.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying... 

Inderdeep
Head in the Cloud

Re: Meraki - alert when previously unseen device connects to the network

Are you looking for this?
https://meraki.cisco.com/blog/2013/02/manage-devices-with-instant-alerts/ 


Regards
Inderdeep Singh
www.thenetworkdna.com
lpopejoy
Building a reputation

Re: Meraki - alert when previously unseen device connects to the network

It only monitors the clients you specify.  What if we want to know if a previously *unknown* client connects?  That's what I'm looking for.  It is SOO close...  

Inderdeep
Head in the Cloud

Re: Meraki - alert when previously unseen device connects to the network

I don't think it is possible, as if you talk about the production secure network, "unknown clients" will never have connected earlier. This is a security concern.

Regards
Inderdeep Singh
www.thenetworkdna.com
lpopejoy
Building a reputation

Re: Meraki - alert when previously unseen device connects to the network

@PhilipDAth, I like your idea of applying a default policy for the VLAN and then overriding it on a per client basis. The only potential issue I see is that if a device is offline for 30 days for some reason, I think the override policy will need to be reapplied, but that should be really rare.

Great suggestion, thank you!  🙂
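An added example, not part of the original thread and not Meraki's own code: one way to get the alert asked for in the question is to keep your own baseline of known MAC addresses and diff each exported client list against it, so a device that was offline longer than the 30 days mentioned above is still recognised. The record fields (`mac`, `description`, `vlan`) and all sample values are assumptions constructed for this example.

```python
import json

# Constructed sample: client records shaped like an exported client list.
# Field names ("mac", "description", "vlan") are assumptions for this example.
SAMPLE_CLIENTS = json.loads("""[
  {"mac": "00:11:22:AA:BB:CC", "description": "front-desk-pc", "vlan": 10},
  {"mac": "00-11-22-aa-bb-dd", "description": "printer", "vlan": 10},
  {"mac": "a6:5e:60:01:02:03", "description": null, "vlan": 10},
  {"mac": "3c:22:fb:10:20:30", "description": "unknown-laptop", "vlan": 10}
]""")


def normalize_mac(mac):
    """Lower-case, colon-separated form so 00-11-22-AA-BB-CC matches 00:11:22:aa:bb:cc."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True when the U/L bit of the first octet is set (typical of randomized MACs)."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def find_unseen(clients, baseline):
    """Return (alerts, updated_baseline); baseline is an iterable of known MACs."""
    known = {normalize_mac(m) for m in baseline}
    alerts = []
    for c in clients:
        mac = normalize_mac(c["mac"])
        if mac in known:
            continue
        alerts.append({
            "mac": mac,
            "description": c.get("description") or "(none)",
            "randomized_mac": is_locally_administered(mac),
        })
        known.add(mac)  # alert once, then treat as seen on later runs
    return alerts, known


if __name__ == "__main__":
    baseline = {"00:11:22:aa:bb:cc", "00:11:22:aa:bb:dd"}  # constructed allowlist
    alerts, baseline = find_unseen(SAMPLE_CLIENTS, baseline)
    for a in alerts:
        print("NEW DEVICE", a)
```

The `randomized_mac` flag matters when triaging: phones that rotate private MAC addresses will look like new devices on every rotation, so those alerts are best handled separately from fixed-address hardware.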
