Block MAC Address from Switch

Solved
John12

Hi

I cannot seem to find a way to block a MAC address from connecting to an MS250-24P switch. Is this possible without creating ACLs and RADIUS servers?

Any input would be appreciated, as I am new to Meraki.

Many thanks

1 Accepted Solution
ww

Basically, the options you have are these, but it's more like telling who is allowed:

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Switch_Ports#Port_configuration

  • MAC allow list: Only devices with MAC addresses specified in this list will have access to this port.  Up to 20 MAC addresses can be defined.
  • Sticky MAC allow list: The switch will dynamically learn the MAC addresses of devices connected to the port and place the address in the MAC Whitelist.  The administrator can define the size of this list.  When this list is full, all subsequent devices will be denied access to this port.  It can take up to 5 minutes for the learned MAC to appear in dashboard.
  • User-defined access policy: Administrators may define a policy for authentication via 802.1x or MAB.  Learn more about access policies here.
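
An added example, not part of the original post or Meraki's own code: because the port options above only express who is allowed, keeping one device off a port means building an allow list of every other known device, within the 20-address limit. The endpoint path and the `accessPolicyType` / `macAllowList` field names are taken from the Meraki Dashboard API v1 and should be checked against its current reference; the serial, port number and MAC addresses are constructed placeholders, and nothing is sent over the network.

```python
import re

MAX_ALLOW_LIST = 20  # per-port limit quoted in the answer above


def normalize_mac(mac):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff; accepts ':', '-' or '.' separators."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def allow_list_excluding(known_macs, blocked_mac):
    """Allow list for one port: every known device except the one to keep out."""
    blocked = normalize_mac(blocked_mac)
    allowed = []
    for mac in map(normalize_mac, known_macs):
        if mac != blocked and mac not in allowed:  # drop the blocked MAC and duplicates
            allowed.append(mac)
    if not allowed:
        raise ValueError("allow list is empty after removing the blocked MAC")
    if len(allowed) > MAX_ALLOW_LIST:
        raise ValueError(f"{len(allowed)} MACs exceed the {MAX_ALLOW_LIST}-address limit")
    return allowed


def port_update_request(serial, port_id, known_macs, blocked_mac):
    """Build (method, path, body) for the switch port update; the caller sends it."""
    body = {
        "accessPolicyType": "MAC allow list",
        "macAllowList": allow_list_excluding(known_macs, blocked_mac),
    }
    return "PUT", f"/devices/{serial}/switch/ports/{port_id}", body


# Constructed sample data: placeholder serial and made-up MAC addresses.
SAMPLE_SERIAL = "Q2XX-XXXX-XXXX"
SAMPLE_KNOWN = ["00:11:22:AA:BB:01", "0011.22aa.bb02",
                "00-11-22-AA-BB-03", "00:11:22:aa:bb:01"]
SAMPLE_BLOCKED = "00-11-22-aa-bb-02"

if __name__ == "__main__":
    import json
    method, path, body = port_update_request(SAMPLE_SERIAL, "7", SAMPLE_KNOWN, SAMPLE_BLOCKED)
    print(method, path)
    print(json.dumps(body, indent=2))
```

A device that is not in the known list is also denied on that port, so the list has to be maintained whenever a legitimate device is added or replaced.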

PhilipDAth

If you know the IP address the client will get (perhaps via a fixed DHCP reservation), you could create an ACL. You only need two entries - a deny for that IP address and then a permit any.

https://documentation.meraki.com/MS/Other_Topics/Switch_ACL_Operation 

Brash

Not sure how well it would work, but in theory you could create a group policy that blocks all traffic, then manually add the client with the MAC address and assign it the group policy.

ww

I think that is "by client" and that is not supported on switches 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...
