Configure MAC-based access by creating group policies




In a network that only has an MS120-8FP switch and 2 MR46 APs installed, would it be possible to use a group policy to perform MAC filtering, or do I need an MX64?


I have configured a rule in Wireless -> Firewall & Traffic shaping denying all traffic, as the photo shows.



Is it enough to implement MAC filtering? This option has not been tested yet, I'll try it tomorrow.




Do you want to enable MAB on Wireless?



I want to enable MAC filtering in any way. I've seen 2 ways:


1. Enable MAB in association but I need a RADIUS server.

2. Configure a Layer 3 rule and apply a group policy, but I don't have an MX installed in the network.


I would like to use the second option but I don't know if it is possible without an MX.



To use MAB on wireless, a RADIUS server is required. To use it on the LAN segment, you can use an allow list on each port:




OK, I want to use it on wireless devices.



For a wireless device, you can assign a group policy by device type. And just allow the clients that you want to use the wireless on a different group policy.






I have never tested it before, but I can test and share the results.





Thank you so much. I'll try to test it tomorrow.


I would make the Deny rule for all traffic, not just Local LAN.  Then for the clients you want to have access, you would go to Network Wide, Clients, check the box for the client you want to allow access, choose Policy at the top, and add them to the Allow List.


Keep in mind that this method isn't very secure, since MAC addresses can be spoofed.


This topic has some good info on a couple of different approaches and screenshots:

Solved: Restrict access by PSK and MAC? - The Meraki Community




Ok, I'll change this configuration parameter in the Deny Rule.


Thank you!


You can use iPSK on the SSID without RADIUS for up to 50 clients. 
