Solved: Re: Group Policies with Identity Without PSK

MrRoboto2338 · ‎01-27-2023

So, trying to figure this out. I have 6 Different Identity PSK without Radius Group Policies and If I say set the "iot" PSK Group Policy to be disabled on Fridays, but the Parent SSID "Production" is set to be working from 8 AM to 10 PM.

It doesn't appear the sub group policies schedule have any effect on the parent SSID Access Control settings.

The above has no affect and the iot PSK still works.

alemabrahao · ‎01-27-2023

Nope, you are not scheduling when the SSID will work or not. GP schedule is not for this function.

View solution in original post

MrRoboto2338 · ‎01-27-2023

Does the Group Policy overwrite the SSID Policy?

alemabrahao · ‎01-27-2023

In fact, I don't understand your configuration, where is the configuration of the Parent SSID "Production"? Apparently, your configuration is correct.

MrRoboto2338 · ‎01-27-2023

Production SSID, it seems to override my Group Policy Settings

alemabrahao · ‎01-27-2023

I don't think it will work the way you're hoping. You're stating that you're going to disable the group policy on Fridays for 24 hours, but what do you really intend to disable? The SSID? Or a policy defined in the group policy? Could you explain it a little better, please?

MrRoboto2338 · ‎01-27-2023

If I have 6 different PSK and one of them I want to modify the Group Policy associated with the PSK, why won't that work?

alemabrahao · ‎01-27-2023

The schedule will work for these options:

What exactly are you trying to disable?

MrRoboto2338 · ‎01-27-2023

What is the order of priority for Group Policies? Is the SSID Policy overriding the Group Policy Identity Without PSK?

alemabrahao · ‎01-27-2023

When scheduling is enabled, clock icons next to policies indicate that the respective policy will only be enforced according to the schedule configured below. Outside of the scheduled hours of enforcement, the network default policy will be used.

MrRoboto2338 · ‎01-27-2023

Actually, I have some IOT devices, along with some other devices on an Identity without Radius SSID that I want to run 24/7. The other 5 PSK on that SSID scheduled to run 8 AM to 5 PM. So basically I want a policy for the IOT that is different than the rest of the SSID.

alemabrahao · ‎01-27-2023

Ok, but I don't understand what policies you are testing, Layer 3, Layer 7, bandwidth?

As I understand it, you must create a different group policy for each iPSK, according to what you want to apply for each one.

MrRoboto2338 · ‎01-27-2023

Just want a different availably schedule on specific Group Policy than the SSID Policy above.

alemabrahao · ‎01-27-2023

As @RaphaelL said In your example, you removed Friday from the schedule. The PSK will still be active, but without the GP.

RaphaelL · ‎01-27-2023

How are you testing this ?

In theory it should work. https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...

Setting a schedule will enforce or not settings during that period.

In your example , you removed Friday from the schedule. The PSK will still be active , but without the GP.

The example from the documentation is pretty clear.

Edit : Look at 'Scheduling Examples'

MrRoboto2338 · ‎01-27-2023

So I have the IOT Group Policy disabled on Friday, the SSID Policy above it is still available and on during work day. However, when I type in the IOT PSK on a device, I get on no problem. Shouldn't it simply not work?

alemabrahao · ‎01-27-2023

Nope, you are not scheduling when the SSID will work or not. GP schedule is not for this function.

alemabrahao · ‎01-27-2023

However, you can create a policy like this, as mentioned by @RaphaelL

RaphaelL · ‎01-27-2023

That will work. You have to schedule a L3 firewall rule to block trafic. This will prevent IOT from using the SSID on friday. Look at the examples provided.