802.1X(AD) + MAC Filtering via ISE

Solved
Rayw
Here to help

802.1X(AD) + MAC Filtering via ISE

I currently am only doing 802.1X(AD) on the SSID.  My users have figured out they can get their personal iPhone on the SSID by entering their AD credentials.  I would like to do 802.1X(AD) + MAC Filtering via ISE.  This way the device would have to be in the MAC allowed group plus their AD credentials.  Does anyone how I can accomplish this?

1 Accepted Solution
alemabrahao
Kind of a big deal
Kind of a big deal

There is all the information that you need.

https://documentation.meraki.com/MR/Encryption_and_Authentication/MAC-Based_Access_Control_Using_Cis...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

4 Replies 4
KarstenI
Kind of a big deal
Kind of a big deal

This is nothing more than an additional condition in the corresponding rule in the authorization policy. But it is also an administrative nightmare.

The better solution would be to use TEAP with EAP-Chaining.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
KarstenI
Kind of a big deal
Kind of a big deal

Another better solution is to give them internet access on a dedicated SSID (for example, the Guest SSID) for their personal devices.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
alemabrahao
Kind of a big deal
Kind of a big deal

There is all the information that you need.

https://documentation.meraki.com/MR/Encryption_and_Authentication/MAC-Based_Access_Control_Using_Cis...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
jbright
A model citizen

If you have deployed Meraki Systems Manager on your corporate wireless assets, but not the employees personal devices, you can also filter on whether the Systems Manager agent is on the wireless device too.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels