MS policy no alerts / no logs when the policy is hitted (MAB/single host)

damienleick
Getting noticed

MS policy no alerts / no logs when the policy is hitted (MAB/single host)

HI,

 

I encounter a problem with MS switch Policy for our multiple site equipped with MS-120 series.

 

I Explain.

We create a MAB/single host policy linked to our Radius Server to prevent more than 1 computer by ms switch port.

 

On the network we applied the policy on the port #01 of one of our switch for testing. Ont the port #01 I've plug a "dumb switch" and plug a computer in the "dumb-switch".

Here it's okay. Only 1 MAC is detected the switch transfer the auth request to the radius and the radius accept the connexion. (I can see that in my Radius Logs and Meraki switch logs)

 

After that I tried to plug a second computer in the "dumb-switch". Here is the problem.

The second computer cannot acces to the network (it's okay for that it's what we want).

But the dashboard say nothing about this secondary computer connection.

 

No logs for Access-policy hit or visual information in the dashboard or maybe email alerts.

Even the second computer is not detected on the network even if he was refused to access the network.

 

For support we really need to see exactly where the Access-policy is hitted (and maybe see the client name or MAC) and actually the dashboard doesn't do it.

 

Is anyone used this kind of setup and how do you support this kind of situation when your'r note on site ? 

 

I've already open a case and as alaways they said "Make a wish"

 

Thanks

 

4 REPLIES 4
PhilipDAth
Kind of a big deal

Re: MS policy no alerts / no logs when the policy is hitted (MAB/single host)

I don't think you are going to get this information, but for the hell of it you could try setting up a syslog server and see if it logs the event.

damienleick
Getting noticed

Re: MS policy no alerts / no logs when the policy is hitted (MAB/single host)

I don't think the syslog will send more information. Meraki said me there is no way actually.

 

I hope this feature will be add very soon because i can't understand how they forgot that ...

NeilPN
Here to help

Re: MS policy no alerts / no logs when the policy is hitted (MAB/single host)

Hi @damienleick 

 

Are you expecting the Meraki switch or the Radius server to reject the switch access to the network?

damienleick
Getting noticed

Re: MS policy no alerts / no logs when the policy is hitted (MAB/single host)

Yes I expeting that.

 

We create this policy to prevent the connection of two computer on the same switch port thought a dumb switch for example or router.

 

If our customers do that It will not work and he's going to call our support center to know whats going one.

 

If we cannot see what is the poblem, so here a reject connection because of two computer on the same switch port it will be complicated to support the customer. 

 

That why I think knowing where MS switch port poilcy are hitted (and what) is very very usefull and a must to have to have a decent support.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.