Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Blocking the MR44 port from being connected to another device

netper
Here to help
‎Dec 31 2023 5:40 AM
‎Dec 31 2023 5:40 AM

Blocking the MR44 port from being connected to another device

Hey all,
I have an all-around Meraki environment including MXs MS switches and MRs. I wanted to know if there's a way for me to block anyone who tries to remove a cable from my access point and use it on his laptop.
Currently the AP's port on the switch is set to 'trunk' and 'open' access policy. When I tried to change the AP to specific MAC addresses it didnt allow any client which is not the AP to use the wifi broadcasted by the AP.

Is Meraki offering any protection to this case?

0 Kudos
Subscribe
7 Replies 7
ww
Kind of a big deal
Kind of a big deal
‎Dec 31 2023 7:28 AM
‎Dec 31 2023 7:28 AM

Secure port 

 

Subscribe
In response to ww
netper
Here to help
‎Dec 31 2023 9:39 AM
‎Dec 31 2023 9:39 AM

@ww  would SecurePort also help in my case? I dont want someone to take the cable of the MR and plug it in to his laptop for connectivity.
If I understood correctly, SecurePort will be useful if someone connects a rouge MR/Meraki device?

0 Kudos
Subscribe
In response to netper
ww
Kind of a big deal
Kind of a big deal
‎Dec 31 2023 10:11 AM
‎Dec 31 2023 10:11 AM

If you use the AP cable and the device is not a Meraki AP you will get a access port config, maybe with unused/limited vlan. When you connect a meraki ap the port will use pre-defined secure port trunk config

0 Kudos
Subscribe
In response to ww
RaphaelL
Kind of a big deal
Kind of a big deal
‎Dec 31 2023 4:07 PM
‎Dec 31 2023 4:07 PM

Set a non existing vlan on the default port config. Configure secureport. If an AP is connected the port will be configured on a trunk port with the desired vlans , else the port will be an access port with the non existing vlan which will prevent any authenticated user ( via 802.1X )  from using that port ,even if the user is 'legit'

0 Kudos
Subscribe
alemabrahao
Kind of a big deal
Kind of a big deal
‎Dec 31 2023 9:48 AM
‎Dec 31 2023 9:48 AM

In my opinion, implementing 802.1x authentication on the ports is the best option.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
netper
Here to help
‎Dec 31 2023 9:58 AM
‎Dec 31 2023 9:58 AM

@alemabrahao  Im not sure how is this going to help, if the user is authenticated he will still be able to use the MR port. Correct?

0 Kudos
Subscribe
In response to netper
alemabrahao
Kind of a big deal
Kind of a big deal
‎Dec 31 2023 11:24 AM
‎Dec 31 2023 11:24 AM

Not if they are not users that you have created in the domain or the MAC registered if you use MAB.

The best option would be if you had a Cisco ISE in your network to act as a NAC, but an NPS from Mircosoft or a Freeradius would already be of great value.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.