Join us for a month-long contest with heaps of swag to win!Learn More ›
I was wondering if there was a Port Security equivalent like the feature on Cisco Catalyst range - I can see there is a mac address Sticky option but wondering if there is a way of just limiting the number of mac addresses seen on a port.
Wanting a simple solution to control the number of mac addresses seen on a port to prevent rogue switches being connected to an access port - specifically ones that do not run spanning tree as we cannot use BPDU guard to detect them.
Also waiting to avoid having to look at 802.1x or mac based authentication for this setup. just something where we can limit the port to 2 mac addresses (Phone and PC)
Once you set the port to Access, you can set the policy to Sticky whitelist. That will bring up two fields. One is whitelist size limit. You can put down the limit there.
This may be what you're looking for.
You can do this, should be no problem. Make sure you set any port or combination of ports to access (not trunk) mode and you should then see the configuration option for "Access Policy" and you can set that to either "MAC Whitelist" or "Sticky MAC Whitelist". You can select the Sticky MAC Whitelist, and either specify the number of MAC addresses (whitelist limit) you want to allow, 1, 2 up to 20 max I think, and/or you can populate the whitelist with specific MAC addresses if you need to. More info here: https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Switch_Ports
Thank you Both for this information - however, I would like to avoid a Sticky Mac address list as these systems change. I just want to prevent too many devices being connected to an access point at any one time for example if they connected a dumb switch that is not seen by BPDU guard.
The mac whitelist from what I can see you have to know the Mac addresses to allow.
For the Sticky whitelist, I assume once the limit is reached no further devices can be connected even if the others have been disconnected as it stores the mac addresses?
In spite of everyone effort to help, this feature does not exist in Meraki today. I've looked, and tried all the whitelist features and it's not what you (or I) are after