SSID for only one device

SOLVED
AlexG7
Here to help

SSID for only one device

Hi team,

I got a request, user on a site needs a Smart TV (android) connected to the Internet.

There was some problem, TV couldn't see intended SSID and I had to create a SSID just for that one.

Due to device capabilities, I've chosen the WPA2 authentication.

However, I'd like to lock this SSID to only this device.

With older solutions, I restricted access to SSID using MAC filters (or MAC access lists).

I'm not sure if that (or something better) is available?

Thanks!

Alex

1 ACCEPTED SOLUTION
AjitKumar
Head in the Cloud

Hi @AlexG7 

Fews ideas here.

1. Let us have a complex WPA2 Password and we do not share this

 

Or / Plus

 

2. Hidden SSID
Wireless > Configure > SSID availability
Visibility - Hide this SSID

 

Or / Plus

 

3. Deny Access to Network Services [Even if other devices gets through the above 2 will not have access to network]


Wireless > Firewall & traffic shaping
Layer 3 firewall rules
Deny Any Any

 

Network-wide > Clients
Select Android TV - Policy - Whitelisted

 

 

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network

View solution in original post

5 REPLIES 5
AjitKumar
Head in the Cloud

Hi @AlexG7 

Fews ideas here.

1. Let us have a complex WPA2 Password and we do not share this

 

Or / Plus

 

2. Hidden SSID
Wireless > Configure > SSID availability
Visibility - Hide this SSID

 

Or / Plus

 

3. Deny Access to Network Services [Even if other devices gets through the above 2 will not have access to network]


Wireless > Firewall & traffic shaping
Layer 3 firewall rules
Deny Any Any

 

Network-wide > Clients
Select Android TV - Policy - Whitelisted

 

 

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network

TV sounds stationary so I would only broadcast that SSID on the closest access point, hide it if you want, but as long as only you know what the WPA2 PSK is then you should be good to go
Nolan Herring | nolanwifi.com
TwitterLinkedIn

Hi Ajit,
thanks, I did points 1 and 3 and it works well...

Hi Ajit,

actually, when I did point 3, it didn't work.

Whitilisting was fine, but the deny any any rule in SSID firewall, that killed all traffic.

 

Just so you know, it may not work as you expected...

AlexG7_0-1576130155231.png

 

AlexG7_1-1576130348735.png

 

 

BrechtSchamp
Kind of a big deal

Don't overthink it.

 

Hidden SSID with a nice PSK broadcasting on the APs near the tv. And then limit what that tv can do based on preference and desired security level. E.g. NAT mode ssid if you just want it to access the internet. In the regular vlan if you want casting features. In its own vlan if you want some more control and visibility. Suitable firewall rules to limit access to the rest of the network and the internet.

 

Some links to check out:

 

https://documentation.meraki.com/MR/Other_Topics/Using_Tags_to_Broadcast_SSIDs_from_Specific_APs

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Modes_for_Client_IP_Assignme...

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Wireless_Client_Isolation

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/MR_Firewall_Rules

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels