Access-policy - Can you return a "Filter-id" (Group policy name) on access-reject + guest ?

thomasthomsen
Head in the Cloud

Behind the subject is the thought: if I return a group policy (filter-id) in the access-reject message from my RADIUS server, will the switch honor this and apply the GP to the client?

The thought is to apply a GP, with additional ACLs, to clients being placed in the guest network for an access-policy.

Thanks

/Thomas

Ryan_Miles
Meraki Employee

Reject or accept? On accept yes it can apply a GP by using filter-ID https://documentation.meraki.com/MS/Access_Control/Meraki_MS_Group_Policy_Access_Control_Lists#Confi...

thomasthomsen
Head in the Cloud

So the answer is no. It can only apply GP on accept.

It does not make any sense but ok.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
GreenMan
Meraki Employee

If an access-reject is sent, the switch won't permit access, so I'm not sure how applying a group policy would help?

Well, the thought was that when you utilize Guest VLAN, the client would be put into that VLAN on an access-reject. And I would just like to return some more config to that Guest access.

https://documentation.meraki.com/@api/deki/files/3974/MS_802.1X_auth_flow_chart.png?revision=1&size=...
