[ASK] mac filter with PSK

luthfigibrani
Here to help

[ASK] mac filter with PSK

Hi..

I want to know, is it possible to filter specified mac-address can join ssid with PSK Authentication?

In the dash board only MAC-based access control (no encryption) with radius.

 

Thanks and Regards,

Gibs

9 Replies 9
luthfigibrani
Here to help

I mean, we assign mac-address list manually on the dashboard not using radius

 

alemabrahao
Kind of a big deal
Kind of a big deal

Unfortunately, the only way is using a Radius server.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
KarstenI
Kind of a big deal
Kind of a big deal

The best way is to do it with a radius-server. There you can define which MAC-addresses are allowed and also pass the correct passphrase for encryption to the AP. This is done with "iPSK with RADIUS".

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
luthfigibrani
Here to help

What about white-listing mac-address on client menu per ssid? As image attached:

IMG_20221125_175745.jpg

 is there any trick to make it happen?

alemabrahao
Kind of a big deal
Kind of a big deal

I think it is not what you want. When you put the client in an allow list it will apply the following settings to a client:

 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Block_Listing_and_All...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
KarstenI
Kind of a big deal
Kind of a big deal

It is not a trick, it just won't do what you were asking for as the PC could still join the SSID.

If the workflow is ok for you it can be implemented this way:

  • Default policy is to block everything (or perhaps allow DHCP)
  • the client connects to the SSID
  • the client gets whitelisted on the dashboard by applying the right policy
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
luthfigibrani
Here to help

So every client still can associate with the ssid, since the firewall rule is deny all. Only the white-listed client could use the ssid for communication. Is that right? 

In other words, white-listing is a way to bypass any firewall/policy rule, isnt it?

 

alemabrahao
Kind of a big deal
Kind of a big deal

yep

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels