Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

L2 ACL on Meraki WLAN level

nileshkahar
Comes here often
‎Mar 29 2023 8:05 AM
‎Mar 29 2023 8:05 AM

L2 ACL on Meraki WLAN level

Hi,

Is there a way I can apply Layer-2 ACL just like I can on Ruckus WLAN "Firewall Options"? 

If yes, please guide.

Thanks,

Nilesh Kahar.

Labels:
0 Kudos
Subscribe
4 Replies 4
KarstenI
Kind of a big deal
Kind of a big deal
‎Mar 29 2023 8:20 AM
‎Mar 29 2023 8:20 AM

No, but for everything that you want to do, there are better ways to achieve it.

Subscribe
In response to KarstenI
nileshkahar
Comes here often
‎Mar 29 2023 11:21 AM
‎Mar 29 2023 11:21 AM

We are migrating customer from Ruckus to Meraki and one of the ssid is having static mac address list under allowed layer-2 acl. Customer is not using radius auth for this particular ssid so that option is ruled out. Is there any other way I can achieve this mac address whitelisting for particular ssid on meraki mr access points?

0 Kudos
Subscribe
In response to nileshkahar
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Mar 29 2023 11:35 AM
‎Mar 29 2023 11:35 AM

MAC address filtering is not an easy thing to do on Meraki AP's without a radius server.
Usually you have to have a splash login page without valid users and then create a group policy that bypasses that splash page.
You can then add the mac addresses as clients on the client page and apply that group policy to them.

Subscribe
In response to nileshkahar
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 29 2023 1:47 PM
‎Mar 29 2023 1:47 PM

There are several ways you could look at achieving this.

 

To do it based on MAC address, change the default layer 3 firewall rule to deny all access.  Then create a group policy to override this, and allow access.  Then apply the group policy against the MAC addresses allowed access.

 

 

You could use iPSK per device instead (simpler, I think).

https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_Authentication_without_RADIUS

 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.