I have read through the Meraki's AP configuration guide about MAC address filtering, and see that it only support via "Association requirements" with "no encryption."
In non-Meraki, Cisco-based Wi-Fi infrastructure, you can use both WPA2 encrypted data and MAC Address filtering.
Does Meraki support Wi-Fi encrypted data configuration and MAC Address filtering?
Solved! Go to Solution.
Meraki currently has MAC filtering through Radius, however there is another method and it is to create a group policy in which you deny everything and to the equipment that you want that if they browse add them to the Full access policy
I haven't been able to find documentation on doing MAC address filtering with wifi over radius. Do you happen to have any documentation or guidance?
Here's the proper solution! Meraki has MAC address filtering "built-in" because Policy settings are so easy. Meraki Policy settings are based on the MAC address. A lot of customers have this question.
There are multiple ways to use a client MAC address to authorize access on a PSK encrypted network. I'll order them easy to hard to implement:
Solution 1. Enable PSK and Click-through Splash and setup a Custom Hosted Splash page that authorizes based on MAC address.
Solution 2. Enable PSK and Click-through Splash and setup a Custom Hosted Splash page that authorizes based on MAC address. You should consider SplashAccess.com instead of building it yourself.
Solution 3. Enable PSK and add a firewall rule for the SSID blocking all access. Then use Meraki's policy settings to apply a whitelist policy or apply a Group Policy but just for devices requiring access.
Solutions requiring a RADIUS Server:
Solution 4. Enable PSK and Sign-on with my RADIUS server and configure your RADIUS server to authorizes based on a MAC address. Most RADIUS servers can do this.
Solution 5. Enable the new feature Identity PSK with RADIUS and configure your RADIUS server to allow specific MAC addresses.
While the previous post accepted as a solution is still sort of correct, you can't choose PSK and "MAC-based auth" at the same time. But MAC based auth / MAB is not the only type of MAC based authentication/authorization. If you DON'T need a PSK, and really want "MAC based auth" you cannot use PSK. This is primarily used with Cisco ISE deployments for guest WiFi. However, I much prefer the built-in Splash page.