Hello all
Looking for some advice please from you loverly people:-
We have a laptop, we need this laptop to have access to one switch port on our MS210-24P and deny the laptop access to all other ports.
(As an aside I am going to put this port into a seperate Vlan to segregate data traffic from the office Vlan, trunking and DHCP all will be setup,so all good there.)
Any advice on optimal/most secure method to do this please?
Many thanks and kind regards
Matt
Solved! Go to solution.
The only way is to allow the MAC on the port you want and not on the others.
Or you can also use 802.1x authentication on the ports. There's no way to do it the way you want.
MAC allow list: Only devices with MAC addresses specified in this list will have access to this port. Up to 20 MAC addresses can be defined.
Sticky MAC allow list: The switch will dynamically learn the MAC addresses of devices connected to the port and place the address in the MAC Whitelist. The administrator can define the size of this list. When this list is full, all subsequent devices will be denied access to this port. It can take up to 5 minutes for the learned MAC to appear in dashboard.
Many thanks for the reply, but I want the opposite, I want to disallow the Laptop MAC address on all ports EXCEPT one, so the Laptop only has access to the switch on one port.
Kind regards
Matt
The only way is to allow the MAC on the port you want and not on the others.
Or you can also use 802.1x authentication on the ports. There's no way to do it the way you want.
Hi alemabrahao,
Many thanks for he reply and answer, yes you are correct, Meraki support said same thing, no explicit MAC deny capability as yet.
Time to get skilled up on Dot1x it is then 😃
Kind regards
Matt
Meraki MAC filtering works based on Allowing devices not denying them so you would have to add all of the allowed devices to each port.
Can you not restrict access to a single port on the switch at a physical level instead?
Not a great solution - but would disabling all unused ports help?
Hello all,
Many thanks for all your suggestions and help, awesome community this is. I also had a ticket out with Meraki and they have confirmed no explicit deny MAC address capability just yet on a port by port basis. So Dot1x it is, always good to learn new stuff 😀👍