Meraki

Community

802.1x preauth ACL

Solved
IsaiahGrothe
Conversationalist
‎Feb 18 2021 6:36 AM
‎Feb 18 2021 6:36 AM

802.1x preauth ACL

Is it possible to configure a pre-authentication ACL for interfaces configured with wired 802.1x authentication?  I would like to have selective network access allowed in the state prior to successful authentication, and then overridden by a dACL granting full access if/when authentication passes.

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 18 2021 10:47 AM
‎Feb 18 2021 10:47 AM

No.  You can just change the VLAN.

View solution in original post

3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 18 2021 10:47 AM
‎Feb 18 2021 10:47 AM

No.  You can just change the VLAN.

In response to PhilipDAth
IsaiahGrothe
Conversationalist
‎Feb 18 2021 2:48 PM
‎Feb 18 2021 2:48 PM

Okay.  Is any traffic at all (DHCP / DNS / PXE / etc.) allowed to pass on the switchport prior to authentication?  Or is an unauthenticated endpoint completely isolated?

0 Kudos
In response to IsaiahGrothe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 18 2021 2:51 PM
‎Feb 18 2021 2:51 PM

Completely isolated unless you configure a guest VLAN and authentication does not occur.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.