Here's the proper solution! Meraki has MAC address filtering "built-in" because Policy settings are so easy. Meraki Policy settings are based on the MAC address. A lot of customers have this question.
There are multiple ways to use a client MAC address to authorize access on a PSK encrypted network. I'll order them easy to hard to implement:
Solution 1. Enable PSK and Click-through Splash and setup a Custom Hosted Splash page that authorizes based on MAC address.
Solution 2. Enable PSK and Click-through Splash and setup a Custom Hosted Splash page that authorizes based on MAC address. You should consider SplashAccess.com instead of building it yourself.
Solution 3. Enable PSK and add a firewall rule for the SSID blocking all access. Then use Meraki's policy settings to apply a whitelist policy or apply a Group Policy but just for devices requiring access.
Solutions requiring a RADIUS Server:
Solution 4. Enable PSK and Sign-on with my RADIUS server and configure your RADIUS server to authorizes based on a MAC address. Most RADIUS servers can do this.
Solution 5. Enable the new feature Identity PSK with RADIUS and configure your RADIUS server to allow specific MAC addresses.
While the previous post accepted as a solution is still sort of correct, you can't choose PSK and "MAC-based auth" at the same time. But MAC based auth / MAB is not the only type of MAC based authentication/authorization. If you DON'T need a PSK, and really want "MAC based auth" you cannot use PSK. This is primarily used with Cisco ISE deployments for guest WiFi. However, I much prefer the built-in Splash page.
wireless engineer and startup founder, formerly known as "the API guy", now I run a Furapi
, the therapy dog service, and Lowenberg Labs
, an IT consulting company.