There are several ways you could look at achieving this. To do it based on MAC address, change the default layer 3 firewall rule to deny all access. Then create a group policy to override this, and allow access. Then apply the group policy against the MAC addresses allowed access. You could use iPSK per device instead (simpler, I think). https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_Authentication_without_RADIUS
... View more