Hi team,
I got a request, user on a site needs a Smart TV (android) connected to the Internet.
There was some problem, TV couldn't see intended SSID and I had to create a SSID just for that one.
Due to device capabilities, I've chosen the WPA2 authentication.
However, I'd like to lock this SSID to only this device.
With older solutions, I restricted access to SSID using MAC filters (or MAC access lists).
I'm not sure if that (or something better) is available?
Thanks!
Alex
Solved! Go to Solution.
Hi @AlexG7
Fews ideas here.
1. Let us have a complex WPA2 Password and we do not share this
Or / Plus
2. Hidden SSID
Wireless > Configure > SSID availability
Visibility - Hide this SSID
Or / Plus
3. Deny Access to Network Services [Even if other devices gets through the above 2 will not have access to network]
Wireless > Firewall & traffic shaping
Layer 3 firewall rules
Deny Any Any
Network-wide > Clients
Select Android TV - Policy - Whitelisted
Hi @AlexG7
Fews ideas here.
1. Let us have a complex WPA2 Password and we do not share this
Or / Plus
2. Hidden SSID
Wireless > Configure > SSID availability
Visibility - Hide this SSID
Or / Plus
3. Deny Access to Network Services [Even if other devices gets through the above 2 will not have access to network]
Wireless > Firewall & traffic shaping
Layer 3 firewall rules
Deny Any Any
Network-wide > Clients
Select Android TV - Policy - Whitelisted
Hi Ajit,
actually, when I did point 3, it didn't work.
Whitilisting was fine, but the deny any any rule in SSID firewall, that killed all traffic.
Just so you know, it may not work as you expected...
Don't overthink it.
Hidden SSID with a nice PSK broadcasting on the APs near the tv. And then limit what that tv can do based on preference and desired security level. E.g. NAT mode ssid if you just want it to access the internet. In the regular vlan if you want casting features. In its own vlan if you want some more control and visibility. Suitable firewall rules to limit access to the rest of the network and the internet.
Some links to check out:
https://documentation.meraki.com/MR/Other_Topics/Using_Tags_to_Broadcast_SSIDs_from_Specific_APs
https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Wireless_Client_Isolation
https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/MR_Firewall_Rules