cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Air Marshal and MR templates

New here

Air Marshal and MR templates

Started out my latest deployment in test utilizing templates which I love, however, noticed that if your devices in your network are bound by template you cannot change the drop down for containment on LAN to auto contain rogue devices on LAN.  Talked to meraki support about it and they did say that's known.  Was wondering if anyone just gave up on templates because of that or found a work around?

1 REPLY 1
Meraki Employee

Re: Air Marshal and MR templates

Hi @MerakiTexan Just noticed this unanswered post from a couple weeks ago.  Correct that this setting is not templatized and is not (at least not yet) accessible via the Dashboard API.  Every use case is different but generally speaking most customers choose to NOT auto-contain rogues, but instead send alerts when rogues are detected and investigate if/when needed.  Auto-containment can be problematic and very disruptive depending on the use case.  Rogues can be on the LAN without being related to actual active attacks.  Think of things like wireless printers that are typically on the wired LAN but also broadcast a "hey I'm a printer" SSID by default.  While that can certainly pose a possible risk and attack surface into your infrastructure, it's not an active attacker plugging in a rogue AP to your network, and it may be better to get alerted versus run active containment against those devices.  The rogue SSIDs typically need to be classified manually anyway on the AirMarshal page.  More info here: https://documentation.meraki.com/MR/Monitoring_and_Reporting/Air_Marshal

 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.