Meraki

Community

802.1X(AD) + MAC Filtering via ISE

Solved
Rayw
Here to help
‎Feb 20 2024 12:12 PM
‎Feb 20 2024 12:12 PM

802.1X(AD) + MAC Filtering via ISE

I currently am only doing 802.1X(AD) on the SSID.  My users have figured out they can get their personal iPhone on the SSID by entering their AD credentials.  I would like to do 802.1X(AD) + MAC Filtering via ISE.  This way the device would have to be in the MAC allowed group plus their AD credentials.  Does anyone how I can accomplish this?

Labels:
0 Kudos
1 Accepted Solution
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 20 2024 1:42 PM
‎Feb 20 2024 1:42 PM

There is all the information that you need.

https://documentation.meraki.com/MR/Encryption_and_Authentication/MAC-Based_Access_Control_Using_Cis...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

0 Kudos
4 Replies 4
KarstenI
Kind of a big deal
Kind of a big deal
‎Feb 20 2024 1:29 PM
‎Feb 20 2024 1:29 PM

This is nothing more than an additional condition in the corresponding rule in the authorization policy. But it is also an administrative nightmare.

The better solution would be to use TEAP with EAP-Chaining.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to KarstenI
KarstenI
Kind of a big deal
Kind of a big deal
‎Feb 21 2024 2:56 AM
‎Feb 21 2024 2:56 AM

Another better solution is to give them internet access on a dedicated SSID (for example, the Guest SSID) for their personal devices.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 20 2024 1:42 PM
‎Feb 20 2024 1:42 PM

There is all the information that you need.

https://documentation.meraki.com/MR/Encryption_and_Authentication/MAC-Based_Access_Control_Using_Cis...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
jbright
A model citizen
‎Feb 20 2024 2:14 PM
‎Feb 20 2024 2:14 PM

If you have deployed Meraki Systems Manager on your corporate wireless assets, but not the employees personal devices, you can also filter on whether the Systems Manager agent is on the wireless device too.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.