Deny access to ssid

RVilhelmsen
Getting noticed


Hi,

 

I have some users connecting to an SSID (let's call it NetworkA) where authentication is done with Microsoft RADIUS to AD.

Is it somehow possible to automatically deny access to the other SSID for a device that's connected to NetworkA?

 

Regards

Robert

  

12 REPLIES
kYutobi
Kind of a big deal

What you can do is block access to SSID from the Clients tab. You can import all the MAC addresses and block them.
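The Clients-tab blocking suggested above can also be scripted; the following is an added example, not part of the original post and not Meraki's own code. It assumes the Dashboard API v1 client provisioning endpoint, a guest SSID in slot 1 (`GUEST_SSID_NUMBER`, hypothetical), and constructed sample client records; the network ID and API key are supplied by the caller.

```python
import json
import re
import urllib.request

API_BASE = "https://api.meraki.com/api/v1"
GUEST_SSID_NUMBER = 1  # assumption: dashboard slot (0-14) of the guest SSID

# Constructed sample: client MACs and the SSID each was seen on.
SAMPLE_CLIENTS = [
    {"mac": "AA-BB-CC-00-11-22", "ssid": "NetworkA"},
    {"mac": "aa:bb:cc:00:11:22", "ssid": "NetworkA"},  # same device, other notation
    {"mac": "aabb.cc00.3344", "ssid": "NetworkA"},
    {"mac": "de:ad:be:ef:00:01", "ssid": "Guest"},     # guest-only, left alone
    {"mac": "not-a-mac", "ssid": "NetworkA"},          # malformed, skipped
]

def normalize_mac(raw):
    """Return lowercase colon-separated MAC, or None if not 12 hex digits."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_block_request(clients, corp_ssid, guest_ssid_number):
    """Body that blocks every device seen on corp_ssid on the guest SSID only."""
    macs = set()
    for client in clients:
        mac = normalize_mac(client["mac"])
        if client["ssid"] == corp_ssid and mac:
            macs.add(mac)
    return {
        "clients": [{"mac": m} for m in sorted(macs)],
        "devicePolicy": "Different policies by SSID",
        "policiesBySsid": {str(guest_ssid_number): {"devicePolicy": "Blocked"}},
    }

def provision(network_id, api_key, body):
    """POST the body to the client provisioning endpoint (needs network access)."""
    req = urllib.request.Request(
        f"{API_BASE}/networks/{network_id}/clients/provision",
        data=json.dumps(body).encode(), method="POST",
        headers={"X-Cisco-Meraki-API-Key": api_key,
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

if __name__ == "__main__":
    print(json.dumps(build_block_request(SAMPLE_CLIENTS, "NetworkA", GUEST_SSID_NUMBER), indent=2))
```

Devices that present a randomized (private) MAC address per SSID will show a different address on the guest network, so a MAC-based block will not match them.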

 


Enthusiast

It's a way, but not a pretty way 😃

GaryShainberg
Building a reputation

@RVilhelmsen why would a user that has an active connection to the NetworkA SSID then try to connect to the second SSID? Also, how would you have them authenticate on the second SSID?

CTO & Solutioneer
CMNA, CMNO, ECMS2
SNSA, SNSP
~~If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.~~

maybe some users connect to a less restricted network 😉

Then I would use group policies: once a user has connected to an SSID, assign the policy, and then every time that device connects the policy will control what they can do and where they can go.

 

 


How can I block access to another SSID from a group policy?

OK, let me set up a lab to have a look at the best way to do this for you. It may take a couple of days, if that's OK.

 


Thank you - that's super fine.

I am stuck and can't figure out an automatic way to do this.

PhilipDAth
Kind of a big deal

Use dot1x to authenticate the second SSID, and configure RADIUS not to allow the first group of users to connect to it.

I can't, as the other SSID is a guest SSID.

Pulkit_Mittal
Getting noticed

Hi @RVilhelmsen,

I believe tagging can be an alternative for management across SSID for users in different AD groups, similar to https://documentation.meraki.com/MR/Other_Topics/Using_Tags_to_Broadcast_SSIDs_from_Specific_APs

Thanks!
cmr
Kind of a big deal

Use one SSID with iPSK, default it to public VLAN on the RADIUS server and set it so that known MAC addresses go to corporate VLAN.

 

 
