Meraki group policies by device type?

mak2018
Here to help


I knew this wasn't perfect, but it seems like lately it's gotten worse. We block mobile devices, but Meraki started blocking MacBooks recently and even identifies them as such and still applies the custom policy to them (i.e., block primary SSID, allow secondary for unmanaged device SSID).

 

Has anyone seen this recently? You can see below what we block as well as a client who is blocked but whose device is not identified as any of the ones on the list to block. We are only seeing this on MacBooks in multiple offices.

 

RWelch
Kind of a big deal

NOTE: Some clients may misidentify themselves when specifying the User-Agent string field of an HTTP GET request. Device type policy enforcement is done on a best-effort basis, dependent upon the information that the client provides. When needing to enforce security-focused policies based on device type, we recommend leveraging solutions such as Meraki Systems Manager, or Cisco ISE.

 

Applying Policies by Device Type 

 

And if you were to use the SEARCH box at the top of the page and look for other similar posts applying policies by device type, you'll likely find it's had similar results as you have discovered.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
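To illustrate the best-effort caveat quoted in the reply above, here is an added example that is not part of the thread and is not Meraki's classification logic: a hypothetical User-Agent classifier run over constructed sample strings. It assumes a blocked list of iPhone, iPad and Android; current Safari on macOS reports the frozen token `Mac OS X 10_15_7` whatever release is installed, and iPadOS Safari sends the same Macintosh string by default.

```python
import re
from collections import defaultdict

# Constructed sample User-Agent strings (not captured traffic).
MAC_SAFARI = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) "
              "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15")
SAMPLES = {
    "MacBook on macOS 15, Safari": MAC_SAFARI,
    "iPad, Safari (default desktop-site mode)": MAC_SAFARI,
    "iPhone, Safari": ("Mozilla/5.0 (iPhone; CPU iPhone OS 18_3 like Mac OS X) "
                       "AppleWebKit/605.1.15 (KHTML, like Gecko) "
                       "Version/18.3 Mobile/15E148 Safari/604.1"),
    # App traffic through the system HTTP stack; version numbers are constructed.
    "Apple app using the system HTTP stack": "ExampleApp/1.0 CFNetwork/1.0 Darwin/1.0",
}

# Assumption: the device types a hypothetical policy blocks.
BLOCKED_TYPES = {"iPhone", "iPad", "Android"}

def classify(ua: str) -> str:
    """Hypothetical best-effort device typing from a User-Agent string."""
    for token in ("iPhone", "iPad", "Android"):
        if token in ua:
            return token
    m = re.search(r"Macintosh; Intel Mac OS X (\d+)[_.](\d+)", ua)
    if m:
        return f"Mac OS X {m.group(1)}.{m.group(2)}"
    return "Unknown"  # no device token at all, nothing to match a policy on

def audit(samples=SAMPLES, blocked=BLOCKED_TYPES):
    """Return (actual device, label, decision) for every sample."""
    return [(dev, classify(ua), "block" if classify(ua) in blocked else "allow")
            for dev, ua in samples.items()]

def collisions(samples=SAMPLES):
    """Group actual devices by label; keep labels shared by several devices."""
    groups = defaultdict(list)
    for dev, ua in samples.items():
        groups[classify(ua)].append(dev)
    return {label: devs for label, devs in groups.items() if len(devs) > 1}

if __name__ == "__main__":
    for row in audit():
        print("%-42s -> %-16s %s" % row)
    print("Indistinguishable by User-Agent:", collisions())
```

The label is only as good as the string the client sends, so enforcement that has to hold should key on an identity the client does not choose, which is what the quoted note means by pointing to Systems Manager or Cisco ISE.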
mak2018
Here to help

I get that but Mac OS X 10.15 is not something we block, but it is an option to block under policies by device type:

 


 

 

So if we aren't blocking it, why would Meraki report/identify the client as Mac OS X 10.15 and still block it? That is what I am not understanding. It's not like it reported it as an iPhone or any of the 3 other types shown above. Just seems like something changed within Meraki's backend to break this.

RWelch
Kind of a big deal

Obviously it's being mis-identified which is the reason MANY folks don't use this method because it's not the most ideal solution.  And Meraki suggests using Meraki Systems Manager or Cisco ISE.

And at the bottom of the dashboard you can provide feedback to the Meraki engineer team.
Give your feedback (previously Make a Wish)  

mak2018
Here to help

Is it though? 99% of our MacBooks are identified as the exact same thing (MAC OSX 10.15) and don't get blocked. So the portal is reporting it as a device that shouldn't get blocked but blocking it regardless.

alemabrahao
Kind of a big deal

If you leave MAC OS X as allowed, what is the behavior?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
mak2018
Here to help

Are you saying to specifically allow MAC OS X on the device type filter? Like so? Also, what is odd is that we have 0 clients on anything older than 15.3 in our environment. But the majority of our MacBook clients are being identified as MAC OSX 10.15, which I am assuming Meraki just uses as a catch-all for MacBooks if it can't accurately identify what version or device it is?

 


 

alemabrahao
Kind of a big deal

yep 😊
