- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
WPA2 PSK with MAC Address Filter
I have read through the Meraki's AP configuration guide about MAC address filtering, and see that it only support via "Association requirements" with "no encryption."
In non-Meraki, Cisco-based Wi-Fi infrastructure, you can use both WPA2 encrypted data and MAC Address filtering.
Does Meraki support Wi-Fi encrypted data configuration and MAC Address filtering?
Thanks
Solved! Go to solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The „fine manual“ is correct (as almost always): you can have PSK or MAC filtering in Meraki world. Not both.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The „fine manual“ is correct (as almost always): you can have PSK or MAC filtering in Meraki world. Not both.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Meraki currently has MAC filtering through Radius, however there is another method and it is to create a group policy in which you deny everything and to the equipment that you want that if they browse add them to the Full access policy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I haven't been able to find documentation on doing MAC address filtering with wifi over radius. Do you happen to have any documentation or guidance?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here's the proper solution! Meraki has MAC address filtering "built-in" because Policy settings are so easy. Meraki Policy settings are based on the MAC address. A lot of customers have this question.
There are multiple ways to use a client MAC address to authorize access on a PSK encrypted network. I'll order them easy to hard to implement:
Solution 1. Enable PSK and Click-through Splash and setup a Custom Hosted Splash page that authorizes based on MAC address.
Solution 2. Enable PSK and Click-through Splash and setup a Custom Hosted Splash page that authorizes based on MAC address. You should consider SplashAccess.com instead of building it yourself.
Solution 3. Enable PSK and add a firewall rule for the SSID blocking all access. Then use Meraki's policy settings to apply a whitelist policy or apply a Group Policy but just for devices requiring access.
Solutions requiring a RADIUS Server:
Solution 4. Enable PSK and Sign-on with my RADIUS server and configure your RADIUS server to authorizes based on a MAC address. Most RADIUS servers can do this.
Solution 5. Enable the new feature Identity PSK with RADIUS and configure your RADIUS server to allow specific MAC addresses.
https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_with_RADIUS_Authentication
While the previous post accepted as a solution is still sort of correct, you can't choose PSK and "MAC-based auth" at the same time. But MAC based auth / MAB is not the only type of MAC based authentication/authorization. If you DON'T need a PSK, and really want "MAC based auth" you cannot use PSK. This is primarily used with Cisco ISE deployments for guest WiFi. However, I much prefer the built-in Splash page.
wireless engineer and startup founder, formerly known as "the API guy", now I run a Furapi, the therapy dog service, and Lowenberg Labs, an IT consulting company.