Here's the proper solution! Meraki has MAC address filtering "built-in" because Policy settings are so easy. Meraki Policy settings are based on the MAC address. A lot of customers have this question. There are multiple ways to use a client MAC address to authorize access on a PSK encrypted network. I'll order them easy to hard to implement: Solution 1. Enable PSK and Click-through Splash and setup a Custom Hosted Splash page that authorizes based on MAC address. https://documentation.meraki.com/MR/MR_Splash_Page/Using_a_Sign-on_Splash_Page_to_Restrict_Wireless_Access_by_MAC_address Solution 2. Enable PSK and Click-through Splash and setup a Custom Hosted Splash page that authorizes based on MAC address. You should consider SplashAccess.com instead of building it yourself. Solution 3. Enable PSK and add a firewall rule for the SSID blocking all access. Then use Meraki's policy settings to apply a whitelist policy or apply a Group Policy but just for devices requiring access. Solutions requiring a RADIUS Server: Solution 4. Enable PSK and Sign-on with my RADIUS server and configure your RADIUS server to authorizes based on a MAC address. Most RADIUS servers can do this. Solution 5. Enable the new feature Identity PSK with RADIUS and configure your RADIUS server to allow specific MAC addresses. https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_with_RADIUS_Authentication While the previous post accepted as a solution is still sort of correct, you can't choose PSK and "MAC-based auth" at the same time. But MAC based auth / MAB is not the only type of MAC based authentication/authorization. If you DON'T need a PSK, and really want "MAC based auth" you cannot use PSK. This is primarily used with Cisco ISE deployments for guest WiFi. However, I much prefer the built-in Splash page. https://documentation.meraki.com/MR/Encryption_and_Authentication/Enabling_MAC_based_access_control_on_an_SSID
... View more
