MAC-based client blocking on Meraki MS switches

Solved
jOMeraki2

Hello Community,

I have a question regarding blocking a client on Meraki MS switches.

Our network is using Meraki MS switches with routing on a Meraki Core switch.
I am not looking to use ACLs, and my requirement is to block a user based on MAC address at the switch level.

If I use the “Block client” option from the Dashboard, will it effectively block the client by MAC across the switches?

If not, what is the recommended MAC-based method to block a user on Meraki MS switches?

Thank you for your support.

1 Accepted Solution
GIdenJoe

When you block a client manually via dashboard, that client will be blocked from passing traffic on MRs and MX devices. Switches are a bit different and can only rely on either port-security or 802.1X/MAB to get devices onto the network.

So if the client is directly connected on the switch, you can either put a fake MAC address in the port security list or just disable the port.
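Added example, not part of GIdenJoe's reply and not Meraki's own code: the two options above expressed as Dashboard API requests. It finds the switch port where a MAC was last seen, checks that no other client sits on that port, and builds the port update. The client field names, the `PUT /devices/{serial}/switch/ports/{portId}` body, the placeholder MAC and the sample records are assumptions based on Dashboard API v1 and constructed data; check them against the current API reference before sending anything.

```python
import json
import urllib.request

API = "https://api.meraki.com/api/v1"     # Dashboard API v1 base URL
PLACEHOLDER_MAC = "02:00:00:00:00:01"     # constructed, locally administered address
def find_port(clients, mac):
    """Return (serial, port) where `mac` was last seen on a switch, else None."""
    for c in clients:
        if c["mac"].lower() == mac.lower() and c.get("switchport"):
            return c["recentDeviceSerial"], str(c["switchport"])
    return None

def others_on_port(clients, serial, port, mac):
    """Other MACs on the same port; non-empty means the target is not directly connected."""
    return [c["mac"] for c in clients
            if c.get("recentDeviceSerial") == serial
            and str(c.get("switchport")) == port
            and c["mac"].lower() != mac.lower()]

def build_request(serial, port, mode="allowlist"):
    """'allowlist' permits only a placeholder MAC (access ports); 'disable' shuts the port."""
    if mode == "allowlist":
        body = {"accessPolicyType": "MAC allow list", "macAllowList": [PLACEHOLDER_MAC]}
    elif mode == "disable":
        body = {"enabled": False}
    else:
        raise ValueError(f"unknown mode: {mode}")
    return "PUT", f"{API}/devices/{serial}/switch/ports/{port}", body

def send(method, url, body, api_key):
    """Send the request; needs network access and an API key with write access."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method=method,
        headers={"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

# Constructed sample, shaped like GET /networks/{networkId}/clients output.
SAMPLE_CLIENTS = [
    {"mac": "AA:BB:CC:00:11:22", "recentDeviceSerial": "Q2XX-AAAA-0001", "switchport": "7"},
    {"mac": "aa:bb:cc:00:33:44", "recentDeviceSerial": "Q2XX-AAAA-0002", "switchport": None},
    {"mac": "aa:bb:cc:00:55:66", "recentDeviceSerial": "Q2XX-AAAA-0001", "switchport": "12"},
    {"mac": "aa:bb:cc:00:77:88", "recentDeviceSerial": "Q2XX-AAAA-0001", "switchport": "12"},
]

if __name__ == "__main__":
    serial, port = find_port(SAMPLE_CLIENTS, "aa:bb:cc:00:11:22")
    if not others_on_port(SAMPLE_CLIENTS, serial, port, "aa:bb:cc:00:11:22"):
        print(build_request(serial, port))
```

A non-empty result from `others_on_port` means the port carries more than the target device, so either change would also cut off the other clients behind it.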


2 Replies
KarstenI

The mentioned "Block Client" is the way to go. But be aware that MAC blocking alone is often not enough, as users can change their device's MAC address and still gain access.

If you really want to control network access, implementing 802.1X is the way to go.

EDIT: @GIdenJoe is, of course, right; it was too long ago that I had to deal with that. The consequences are still valid!
