Just fooling around with my home network, and looking into if it is possible to assign varius devices to various vlans based on MAC adress by the use of only Merak and Meraki SM, anyone have any tips?
A second option is to assign access to vlans based on SSID, but what is the preferred way to assign access when the client needs to access say a vlan providing internet, a vlan providing TV services/apple TV/android/chromecast.
For Apple maybe Bonjour broadcast?
You migth say that this is not needed for home deployment, but I´m experimenting because alot of techs say that you need ISE, Clearpass etc. Alongside to provide the sec. And features needed in an ent. Environment, but would it be possible with Meraki only to provide a secure SMB network
You can assign VLANs for wireless dynamically using Group Policies:
And Group Policies can be manually applied to users based on MAC addresses.
Don't think you can do it on the wired side without RADIUS server.
You'll likely experience issues using services like chromecast, apple tv, sonos etc. if they reside in a different VLAN than what your client is in. There are topics about this.
As @BrechtSchamp mentioned, Group Policy is probably the best way. You can even add a client to a network by entering its MAC address in the dashboard, even if the client hasn't connected yet:
This way you can have some clients on different VLANs but on the same SSID. You would probably setup ISE/RADIUS in an enterprise if you want to do this dynamically, e.g. based on group membership in Active Directory etc.
You could also allow traffic like AirPrint, AirPlay etc. by setting firewall rules in group policies.
Not only apple devices use Bonjour.
Most windows clients also run the bonjour service to discover mDNS services on the local LAN.
If you're running mDNS services (like printers or video stuff) you can easily detect that by running a packet capture and look for link local multicast 220.127.116.11/24 and it would actually say mDNS.
If that happens you can very easily forward those messages to the user VLANs by enabling this feature.
You won't get Chromecast discovery (or things like TiVo that use "Googlecast" ) between subnets without using something along the lines of Avahi.
Once you 'discover the devices'things are fine.
I have a Raspberry Pi providing that capability at home (if I don't have control over the behaviour a device it goes onto the Home Appliance network and this is where Chromecasts, TiVOs etc live)
Well group policy and MAC won't work since the users are on different systems at any given time.
I ended up using Jumpcloud and setting attributes to users at this point. Since my intention was to schedule service availability to users and not systems this was the best way.