Firewall Policy Layer 3 base on mac address

Black
Comes here often

Firewall Policy Layer 3 base on mac address

How to make policy Firewall Layer 3 Lan Network base on mac address client

11 Replies 11
ww
Kind of a big deal
Kind of a big deal

You can create a group policy

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Creating_and_Applying...

 

On the dashboard client view you can "add client" mac and assign the policy

 

Black
Comes here often

can u show it sir. im try it not work

ww
Kind of a big deal
Kind of a big deal

ww_0-1668503287531.png

 

Black
Comes here often

Device policy by default rule deny any any, that mean new device can't access internet or tunnel. 

 

And then i create new rule policy device allow any any for user lan access internet or tunnel. 

 

But big problem mr33 down because mac address mr33 can't show for move rule allow any any

alemabrahao
Kind of a big deal
Kind of a big deal

On the client list go Add client so put the mac address and select allow list:

 

alemabrahao_0-1668511950417.png

 

 

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Black
Comes here often

Meraki MR33 mac address hide, not show at mx client, but manual add mac address and input group device allow any any that working? 

alemabrahao
Kind of a big deal
Kind of a big deal

It is not shown because he never connected to the network, my suggestion is to create an exclusive management network for the APs and create a group policy allowing everything and applying the VLAN Interface. You are over-complicating something that is supposed to be simple.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Black
Comes here often

Ya, im mean discconecting. 

Only management, but for user wifi and lan same segment? 

 

so complicated this network, not my design. and I have to solve all cases with existing network. 

 

I'm not familiar with Meraki, need a guide

 

Im sorry sir 😁😁😁

 

alemabrahao
Kind of a big deal
Kind of a big deal

Just add the client as explained before and It will work:

 

alemabrahao_0-1668517408306.png

 

Meraki has a lot of articles and documentation that can help you.

 

https://documentation.meraki.com/MR/Group_Policies_and_Block_Lists/Pre-configure_Network_Policy_for_...

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

You don't need to ask for sorry, It's a pleasure to help.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

And yes, It will work.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels