Meraki

Community

Block MAC Address from Switch

Solved
John12
Comes here often
‎Nov 28 2022 6:14 AM
‎Nov 28 2022 6:14 AM

Block MAC Address from Switch

Hi 

 

I cannot seem to find a way to block a MAC address from connecting to MS250-24P switch. is this possible without creating ACLs and Radius servers?

 

Any input would be appreciated as new to meraki.

 

many thanks

Labels:
0 Kudos
1 Accepted Solution
ww
Kind of a big deal
Kind of a big deal
‎Nov 28 2022 6:51 AM
‎Nov 28 2022 6:51 AM

 

Basically the options you have are these,but its more like telling who is allowed:

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Switch_Ports#Port_configuration

  • MAC allow list: Only devices with MAC addresses specified in this list will have access to this port.  Up to 20 MAC addresses can be defined.
  • Sticky MAC allow list: The switch will dynamically learn the MAC addresses of devices connected to the port and place the address in the MAC Whitelist.  The administrator can define the size of this list.  When this list is full, all subsequent devices will be denied access to this port.  It can take up to 5 minutes for the learned MAC to appear in dashboard.
  • User-defined access policy: Administrators may define a policy for authentication via 802.1x or MAB.  Learn more about access policies here.

View solution in original post

4 Replies 4
ww
Kind of a big deal
Kind of a big deal
‎Nov 28 2022 6:51 AM
‎Nov 28 2022 6:51 AM

 

Basically the options you have are these,but its more like telling who is allowed:

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Switch_Ports#Port_configuration

  • MAC allow list: Only devices with MAC addresses specified in this list will have access to this port.  Up to 20 MAC addresses can be defined.
  • Sticky MAC allow list: The switch will dynamically learn the MAC addresses of devices connected to the port and place the address in the MAC Whitelist.  The administrator can define the size of this list.  When this list is full, all subsequent devices will be denied access to this port.  It can take up to 5 minutes for the learned MAC to appear in dashboard.
  • User-defined access policy: Administrators may define a policy for authentication via 802.1x or MAB.  Learn more about access policies here.
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 28 2022 10:55 AM
‎Nov 28 2022 10:55 AM

If you know the IP address the client will get (perhaps via a fixed DHCP reservation), you could create an ACL.  You only need two entries - a deny for that IP address and the a permit any.

https://documentation.meraki.com/MS/Other_Topics/Switch_ACL_Operation 

0 Kudos
Brash
Kind of a big deal
Kind of a big deal
‎Nov 28 2022 11:52 AM
‎Nov 28 2022 11:52 AM

Not sure how well it would work but in theory you could create a group policy that blocks all traffic, then manually add the client with the Mac address and assign it the group policy.

0 Kudos
In response to Brash
ww
Kind of a big deal
Kind of a big deal
‎Nov 28 2022 2:21 PM
‎Nov 28 2022 2:21 PM

I think that is "by client" and that is not supported on switches 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.