The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About SteenSN
SteenSN

SteenSN

Comes here often

Member since Jun 5, 2018

‎06-18-2018

Community Record

8
Posts
0
Kudos
0
Solutions

Badges

1st Birthday
First 5 Posts View All
Latest Contributions by SteenSN
  • Topics SteenSN has Participated In
  • Latest Contributions by SteenSN

Re: Active Directory group policy not including security appliance only rul...

by SteenSN in Wireless LAN
‎06-11-2018 12:31 AM
‎06-11-2018 12:31 AM
I have now tried all the settings below 'Security appliance only' and none of them works. I tried to blacklist a single website with no luck.   However, all setting work when I manually choose to set the device policy for the client to the same group policy   My conclusion is - at least in my setup with WPA2 enterprise and RADIUS - that AD groups mapped to Meraki groups only gives the client part of the group policy (layer 3, layer 7 and traffic shaping rules) and that the last part of the policy (security appliance only) is controlled by device policy that has to be set manually. ... View more

Re: Active Directory group policy not including security appliance only rul...

by SteenSN in Wireless LAN
‎06-06-2018 07:11 AM
‎06-06-2018 07:11 AM
Thanks a lot - I'll try that tomorrow  ... View more

Re: Active Directory group policy not including security appliance only rul...

by SteenSN in Wireless LAN
‎06-06-2018 06:56 AM
‎06-06-2018 06:56 AM
Here are my settings: I have blocked every URL pattern (*) only allowing the ones I have whitelisted. This part is only working if I set the device policy to the group policy name manually.     ... View more

Re: Active Directory group policy not including security appliance only rul...

by SteenSN in Wireless LAN
‎06-06-2018 06:20 AM
‎06-06-2018 06:20 AM
You are quite right - the trouble however is, that it's precisely what I've done:     I have no trouble mapping the AD-group and the Meraki policy - only trouble is, that I only get layer 3, layer 7 and traffic shaping rules - none of the rules listed under "Security appliance only" in the Meraki group policy page are working. There seems to be a difference between 802.1x policy and device policy. My testing shows, that AD groups only control layer 3, layer 7 and traffic shaping rules of the Meraki group policy. The last part (the rules below Security appliance only) has to do with a device policy, that needs to be set manually. ... View more

Re: Active Directory group policy not including security appliance only rul...

by SteenSN in Wireless LAN
‎06-05-2018 09:56 AM
‎06-05-2018 09:56 AM
The part that isn't working is the settings on the image to the right. The image on the left shows a client which received the 802.1x policy "EksamenStrict". Below you se no rules for layer 3, layer 7 and a single traffic shaping rule. These rules work fine (also layer 3 and layer 7 if there were any) But note that the device policy says "normal" If I change the device policy to "group policy" and select the "EksamenStrict" Meraki group policy, then the rules on the above image works. It seems as if 802.1x policy only applies to layer 3, layer 7 and traffic shaping rules - the mapping of AD groups and Meraki groups does not include "security appliance only" rules - unless you manually set the device policy.             ... View more

Re: Active Directory group policy not including security appliance only rul...

by SteenSN in Wireless LAN
‎06-05-2018 07:48 AM
‎06-05-2018 07:48 AM
I have already linked AD groups to Meraki groups and it works - for layer 3, layer 7 and traffic shaping rules   What I want is to.be able to put students into AD group on the day of their exam, where they are allowed to use their computer but with at lot of restrictions - here I need the security appliance only restrictions so I can limit their internet access only to a few websites.   That AD group maps to a Meraki group - let's call it "RestrictedExamAccess".   All clients get the right 802.1x policy but it only maps to the layer 3, layer 7 and traffic shaping rules of the Meraki group policy.   For the security appliance only rules I have to manually set each device policy to "RestrictedExamAccess" - which is a poor solution when it has to be done for hundreds of students ... View more

Re: Active Directory group policy not including security appliance only rul...

by SteenSN in Wireless LAN
‎06-05-2018 07:37 AM
‎06-05-2018 07:37 AM
Yes I have set up NPS and use 802.1x WPA2 enterprise with RADIUS ... View more

Active Directory group policy not including security appliance only rules

by SteenSN in Wireless LAN
‎06-05-2018 02:17 AM
‎06-05-2018 02:17 AM
I have followed this guide https://documentation.meraki.com/MX-Z/Group_Policies_and_Blacklisting/Integrating_Active_Directory_with_Group_Policies and it works for layer 3, layer 7 and traffic shaping rules.   The wireless client gets the layer 3, layer 7 and traffic sharping rules just fine, but no security appliance only rules.    My only option to get the security appliance only rules (i.e. blocked website categories, blocked url patterns and so on) to work is to manually set det clients device policy to the same group policy as the 802.1x policy. Then it works fine.   But I don't want to set every clients device policy manually in the dashboard in order to get the security appliance only rules to work. What I would like is to control the group policy including the security appliance only part through active directory group membership.   Is the no way to automatically include the security appliance only part of the group policy automatically?       ... View more
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2023 Meraki