Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Whitelist a client across multiple networks

Solved
cmr
Kind of a big deal
Kind of a big deal
‎Jun 8 2023 2:49 AM
‎Jun 8 2023 2:49 AM

Whitelist a client across multiple networks

We have a new challenge where we want to whitelist a set of devices so that they avoid the splash page on SSIDs.  It is easy within a network/site, but is there a way to whitelist a selection of MAC addresses for multiple or all networks? 

0 Kudos
Subscribe
1 Accepted Solution
TBHPTL
A model citizen
‎Jun 13 2023 7:06 PM
‎Jun 13 2023 7:06 PM

Be very careful when doing this as this allows not only bypass of the  splash page ,it will also bypass any and all security you may have applied to the Meraki MR and MX. Its better to have custom

group policy that adheres to the network rules but bypasses the splash page... or better yet  a dedicated policy that allows only the access you need to allow for these macs.

 

Allow List
Applies the following settings to a client:

Is exempt from all firewall rules, both Layer 3 and Layer 7 (Applies to both the MX Security Appliance and the MR Access Points)
Bypasses AMP
Bypasses a Click-through Splash page 
Bypasses a Billing (paid access) Splash page and access the network on an SSID without paying or authenticating
Bypasses a Sign-on Splash page without authenticating (Applies to both the MX Security Appliance and the MR Access Points)
Is exempt from Per-client bandwidth limit (Applies to both the MX Security Appliance and the MR Access Points)
Is exempt from Traffic shaping rules (Applies to both the MX Security Appliance and the MR Access Points)
Bypasses Content filtering on MX Security Appliance 

View solution in original post

Subscribe
3 Replies 3
Brash
Kind of a big deal
Kind of a big deal
‎Jun 8 2023 3:06 AM
‎Jun 8 2023 3:06 AM

Assuming the best way to do this would be to cycle through the networks with the API.

 

Looks like this endpoint would do it:

https://developer.cisco.com/meraki/api-v1/#!provision-network-clients

Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 8 2023 1:54 PM
‎Jun 8 2023 1:54 PM

Otherwise you'll have to manually add the client to every network in the dashboard in advance.

 

PhilipDAth_0-1686257660847.png

 

0 Kudos
Subscribe
TBHPTL
A model citizen
‎Jun 13 2023 7:06 PM
‎Jun 13 2023 7:06 PM

Be very careful when doing this as this allows not only bypass of the  splash page ,it will also bypass any and all security you may have applied to the Meraki MR and MX. Its better to have custom

group policy that adheres to the network rules but bypasses the splash page... or better yet  a dedicated policy that allows only the access you need to allow for these macs.

 

Allow List
Applies the following settings to a client:

Is exempt from all firewall rules, both Layer 3 and Layer 7 (Applies to both the MX Security Appliance and the MR Access Points)
Bypasses AMP
Bypasses a Click-through Splash page 
Bypasses a Billing (paid access) Splash page and access the network on an SSID without paying or authenticating
Bypasses a Sign-on Splash page without authenticating (Applies to both the MX Security Appliance and the MR Access Points)
Is exempt from Per-client bandwidth limit (Applies to both the MX Security Appliance and the MR Access Points)
Is exempt from Traffic shaping rules (Applies to both the MX Security Appliance and the MR Access Points)
Bypasses Content filtering on MX Security Appliance 

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.