Whitelist a client across multiple networks

Solved
cmr
Kind of a big deal
Kind of a big deal

Whitelist a client across multiple networks

We have a new challenge where we want to whitelist a set of devices so that they avoid the splash page on SSIDs.  It is easy within a network/site, but is there a way to whitelist a selection of MAC addresses for multiple or all networks? 

1 Accepted Solution
TBHPTL
A model citizen

Be very careful when doing this as this allows not only bypass of the  splash page ,it will also bypass any and all security you may have applied to the Meraki MR and MX. Its better to have custom

group policy that adheres to the network rules but bypasses the splash page... or better yet  a dedicated policy that allows only the access you need to allow for these macs.

 

Allow List
Applies the following settings to a client:

Is exempt from all firewall rules, both Layer 3 and Layer 7 (Applies to both the MX Security Appliance and the MR Access Points)
Bypasses AMP
Bypasses a Click-through Splash page 
Bypasses a Billing (paid access) Splash page and access the network on an SSID without paying or authenticating
Bypasses a Sign-on Splash page without authenticating (Applies to both the MX Security Appliance and the MR Access Points)
Is exempt from Per-client bandwidth limit (Applies to both the MX Security Appliance and the MR Access Points)
Is exempt from Traffic shaping rules (Applies to both the MX Security Appliance and the MR Access Points)
Bypasses Content filtering on MX Security Appliance 

View solution in original post

3 Replies 3
Brash
Kind of a big deal
Kind of a big deal

Assuming the best way to do this would be to cycle through the networks with the API.

 

Looks like this endpoint would do it:

https://developer.cisco.com/meraki/api-v1/#!provision-network-clients

PhilipDAth
Kind of a big deal
Kind of a big deal

Otherwise you'll have to manually add the client to every network in the dashboard in advance.

 

PhilipDAth_0-1686257660847.png

 

TBHPTL
A model citizen

Be very careful when doing this as this allows not only bypass of the  splash page ,it will also bypass any and all security you may have applied to the Meraki MR and MX. Its better to have custom

group policy that adheres to the network rules but bypasses the splash page... or better yet  a dedicated policy that allows only the access you need to allow for these macs.

 

Allow List
Applies the following settings to a client:

Is exempt from all firewall rules, both Layer 3 and Layer 7 (Applies to both the MX Security Appliance and the MR Access Points)
Bypasses AMP
Bypasses a Click-through Splash page 
Bypasses a Billing (paid access) Splash page and access the network on an SSID without paying or authenticating
Bypasses a Sign-on Splash page without authenticating (Applies to both the MX Security Appliance and the MR Access Points)
Is exempt from Per-client bandwidth limit (Applies to both the MX Security Appliance and the MR Access Points)
Is exempt from Traffic shaping rules (Applies to both the MX Security Appliance and the MR Access Points)
Bypasses Content filtering on MX Security Appliance 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels