Permit group of MAC address to an SSID and block all others.


Permit group of MAC address to an SSID and block all others.

Have an SSID that is used for a deployment of 36 Sonos Speakers ( not my choice) that are all connected to the same SSID, but someone has given out the password and now it's spreading, and using bandwidth. Changing the password and all the Speakers will be time consuming.


Can I white list just the Sonos Speakers and block all the rest?


There isn't a "guest" WiFi due to misuse.

3 Replies 3
Kind of a big deal
Kind of a big deal

Without the use of a radius server for something like MAC based access control, you could change the SSID to place users into a guest or black holed vlan, or assign firewall rules that prevent network access.

You could then manually apply a group policy to the Sonos speakers that overrides the firewall rules or places them into the correct vlan.

Kind of a big deal

From the top of my head, but besides the suggestion by @Brash, perhaps you could do fixed DHCP assignments on the 36 Sonos speakers and then decrease the DHCP scope to only contain those 36 addresses, and set DHCP required on the SSID.


In theory, the Sonos speakers will get their DHCP address and all is well, and non-Sonos speakers will attempt to get an IP address, but since the scope is exhausted, they will fail to get an IP address. Those clients that has statically assigned IP addresses will not be allowed to Associate to the SSID, due to DHCP Required setting.


I'm just spitballing here, so no guarentee that it would work. 🙂

LinkedIn :::

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
Building a reputation

I'm using a different setup for such a solution, which works well, over a year at least:

  1. Whitelist the Sonos speakers (you can do that per SSID)
  2. Then on that given SSID, enable the Splash page feature with Sign-on with Meraki Cloud Authentication
  3. In advanced settings in captive portal strength set block all access + disable self-registration

In this setup all non-whitelisted clients get a splash page asking them to login to meraki, which they will be unable to do, and whitelisted devices don't get the splash page at all.

Works flawlessly on a network with hundreds of devices 🙂

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.