Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Moving MAC-based ACLs onto Meraki Switches

Solved
navysubvet
Here to help
‎Jun 15 2023 5:53 AM
‎Jun 15 2023 5:53 AM

Moving MAC-based ACLs onto Meraki Switches

Is it possible to duplicate my existing MAC ACLs on Cat 3ks, and build them on the Meraki MS Switches? Is there another way to accomplish this via policies or?

 

Example:

Extended MAC access list ACME

 permit host 001x.002x.003x any

0 Kudos
Subscribe
1 Accepted Solution
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 15 2023 12:00 PM
‎Jun 15 2023 12:00 PM

There is no MAC ACL Group on Meraki Switch. But you can use it:

 

  • MAC allow list: Only devices with MAC addresses specified in this list will have access to this port.  Up to 20 MAC addresses can be defined.
  • Sticky MAC allow list: The switch will dynamically learn the MAC addresses of devices connected to the port and place the address in the MAC Whitelist.  The administrator can define the size of this list.  When this list is full, all subsequent devices will be denied access to this port.  It can take up to 5 minutes for the learned MAC to appear in dashboard.

 

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Switch_Ports

 

 

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

Subscribe
4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 15 2023 12:00 PM
‎Jun 15 2023 12:00 PM

There is no MAC ACL Group on Meraki Switch. But you can use it:

 

  • MAC allow list: Only devices with MAC addresses specified in this list will have access to this port.  Up to 20 MAC addresses can be defined.
  • Sticky MAC allow list: The switch will dynamically learn the MAC addresses of devices connected to the port and place the address in the MAC Whitelist.  The administrator can define the size of this list.  When this list is full, all subsequent devices will be denied access to this port.  It can take up to 5 minutes for the learned MAC to appear in dashboard.

 

https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Switch_Ports

 

 

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
navysubvet
Here to help
‎Jun 18 2023 3:10 AM
‎Jun 18 2023 3:10 AM

Follow-up question...

Most of the ACLs have only 1-2 MACs, but there are a few with more than 20 MAC listed. Should I go with the Sticky MAC option on those ports? Will it allow me to enter all the macs there?

0 Kudos
Subscribe
In response to navysubvet
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 18 2023 4:36 AM
‎Jun 18 2023 4:36 AM

Yes, you can define the size of this list, so I think that It's the best option.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
navysubvet
Here to help
‎Jun 18 2023 7:14 AM
‎Jun 18 2023 7:14 AM

Thank You. I really appreciate your help

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.