As far as I know, the only way to do MAC-address filtering without external AAA is described here: https://documentation.meraki.com/MR/MR_Splash_Page/Using_a_Sign-on_Splash_Page_to_Restrict_Wireless_Access_by_MAC_address It just checks for the MAC-address and bypasses the splash page, so not what you need. To do what you need, you need to implement an external AAA server such as Cisco ISE. More info here: https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise#Configuring_WPA2-Enterprise_with_RADIUS_using_Cisco_ISE And here: https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/workflow/Cisco_ISE_2_7_Admin_Guide_Workflow.html
... View more
