Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

802.1X(AD) + MAC Filtering via ISE

Solved
Rayw
Here to help
‎Feb 20 2024 12:12 PM
‎Feb 20 2024 12:12 PM

802.1X(AD) + MAC Filtering via ISE

I currently am only doing 802.1X(AD) on the SSID.  My users have figured out they can get their personal iPhone on the SSID by entering their AD credentials.  I would like to do 802.1X(AD) + MAC Filtering via ISE.  This way the device would have to be in the MAC allowed group plus their AD credentials.  Does anyone how I can accomplish this?

Labels:
0 Kudos
Subscribe
1 Accepted Solution
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 20 2024 1:42 PM
‎Feb 20 2024 1:42 PM

There is all the information that you need.

https://documentation.meraki.com/MR/Encryption_and_Authentication/MAC-Based_Access_Control_Using_Cis...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

0 Kudos
Subscribe
4 Replies 4
KarstenI
Kind of a big deal
Kind of a big deal
‎Feb 20 2024 1:29 PM
‎Feb 20 2024 1:29 PM

This is nothing more than an additional condition in the corresponding rule in the authorization policy. But it is also an administrative nightmare.

The better solution would be to use TEAP with EAP-Chaining.

0 Kudos
Subscribe
In response to KarstenI
KarstenI
Kind of a big deal
Kind of a big deal
‎Feb 21 2024 2:56 AM
‎Feb 21 2024 2:56 AM

Another better solution is to give them internet access on a dedicated SSID (for example, the Guest SSID) for their personal devices.

0 Kudos
Subscribe
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 20 2024 1:42 PM
‎Feb 20 2024 1:42 PM

There is all the information that you need.

https://documentation.meraki.com/MR/Encryption_and_Authentication/MAC-Based_Access_Control_Using_Cis...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
jbright
A model citizen
‎Feb 20 2024 2:14 PM
‎Feb 20 2024 2:14 PM

If you have deployed Meraki Systems Manager on your corporate wireless assets, but not the employees personal devices, you can also filter on whether the Systems Manager agent is on the wireless device too.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.