Meraki

Community

Whitelist a client across multiple networks

Solved
cmr
Kind of a big deal
Kind of a big deal
‎Jun 8 2023 2:49 AM
‎Jun 8 2023 2:49 AM

Whitelist a client across multiple networks

We have a new challenge where we want to whitelist a set of devices so that they avoid the splash page on SSIDs.  It is easy within a network/site, but is there a way to whitelist a selection of MAC addresses for multiple or all networks? 

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
1 Accepted Solution
TBHPTL
A model citizen
‎Jun 13 2023 7:06 PM
‎Jun 13 2023 7:06 PM

Be very careful when doing this as this allows not only bypass of the  splash page ,it will also bypass any and all security you may have applied to the Meraki MR and MX. Its better to have custom

group policy that adheres to the network rules but bypasses the splash page... or better yet  a dedicated policy that allows only the access you need to allow for these macs.

 

Allow List
Applies the following settings to a client:

Is exempt from all firewall rules, both Layer 3 and Layer 7 (Applies to both the MX Security Appliance and the MR Access Points)
Bypasses AMP
Bypasses a Click-through Splash page 
Bypasses a Billing (paid access) Splash page and access the network on an SSID without paying or authenticating
Bypasses a Sign-on Splash page without authenticating (Applies to both the MX Security Appliance and the MR Access Points)
Is exempt from Per-client bandwidth limit (Applies to both the MX Security Appliance and the MR Access Points)
Is exempt from Traffic shaping rules (Applies to both the MX Security Appliance and the MR Access Points)
Bypasses Content filtering on MX Security Appliance 

View solution in original post

3 Replies 3
Brash
Kind of a big deal
Kind of a big deal
‎Jun 8 2023 3:06 AM
‎Jun 8 2023 3:06 AM

Assuming the best way to do this would be to cycle through the networks with the API.

 

Looks like this endpoint would do it:

https://developer.cisco.com/meraki/api-v1/#!provision-network-clients

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 8 2023 1:54 PM
‎Jun 8 2023 1:54 PM

Otherwise you'll have to manually add the client to every network in the dashboard in advance.

 

PhilipDAth_0-1686257660847.png

 

0 Kudos
TBHPTL
A model citizen
‎Jun 13 2023 7:06 PM
‎Jun 13 2023 7:06 PM

Be very careful when doing this as this allows not only bypass of the  splash page ,it will also bypass any and all security you may have applied to the Meraki MR and MX. Its better to have custom

group policy that adheres to the network rules but bypasses the splash page... or better yet  a dedicated policy that allows only the access you need to allow for these macs.

 

Allow List
Applies the following settings to a client:

Is exempt from all firewall rules, both Layer 3 and Layer 7 (Applies to both the MX Security Appliance and the MR Access Points)
Bypasses AMP
Bypasses a Click-through Splash page 
Bypasses a Billing (paid access) Splash page and access the network on an SSID without paying or authenticating
Bypasses a Sign-on Splash page without authenticating (Applies to both the MX Security Appliance and the MR Access Points)
Is exempt from Per-client bandwidth limit (Applies to both the MX Security Appliance and the MR Access Points)
Is exempt from Traffic shaping rules (Applies to both the MX Security Appliance and the MR Access Points)
Bypasses Content filtering on MX Security Appliance 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.