topic Re: Port ACL / MAC filter in Cloud Networking Platform

Port ACL / MAC filter

Davidc24781 — Mon, 08 Feb 2021 14:22:21 GMT

Hello all, please forgive if this is a stupid question. I'm still learning my way around. I did some searching but still feel like I don't understand. I was tasked with configuring a Meraki MX68W. 2 Users will connect direct to ports, 3 users will connect wirelessly.

I would like to lock down physical ports only to MACs that I allow. If joe schmo tries to plug in, he will get blocked. Is this a firewall setting or am I missing an Access Control setting somewhere?

I also would like to so the same thing with the wireless SSID I created. I don't have a Radius server. My setup is simple, I think.

I was hoping for a simple solution of entering allowed MACs and if someone is't on the list, they just don't get in.

Can someone please guide me in the right direction?

Re: Port ACL / MAC filter

Davidc24781 — Mon, 08 Feb 2021 14:37:21 GMT

In further reading I guess I could disable unused ports. I also did see I can set a port as Trunk or Access. But seems like this will require a Radius server to compare against.

I'm still trying to figure out wireless. I'm already hiding SSID broadcast but am stuck at my original post.

Re: Port ACL / MAC filter

ww^ — Mon, 08 Feb 2021 15:30:09 GMT

What you can do is block all traffic at network firewall level. And then whitelist or assign a specific group policy to the clients that need access to the network

Re: Port ACL / MAC filter

Davidc24781 — Mon, 08 Feb 2021 16:03:24 GMT

ok, I see what you're saying...if there is a template applied to other Meraki's, and I go to Network-wide to create a group policy for my network (which is not under any template) will this affect other Meraki's? I'm just trying to be cautious I don't break other things lol

Re: Port ACL / MAC filter

Davidc24781 — Tue, 09 Feb 2021 13:14:02 GMT

OK, maybe I have this down. Here are my steps. Can someone please confirm

1. Make sure I'm under the Network I created

2. Go to Security & SD WAN - Firewall

3. Add rule Deny Any Any

4. Go to Network-Wide - Clients

5. Add Clients to : Allowed List

Does this look right?

Re: Port ACL / MAC filter

Davidc24781 — Wed, 10 Feb 2021 15:24:30 GMT

I appreciate the info, can you look at my steps and see if they will work?

Re: Port ACL / MAC filter

ww^ — Thu, 11 Feb 2021 14:17:15 GMT

I would whitelist them first. Then deny any any

Re: Port ACL / MAC filter

Davidc24781 — Thu, 11 Feb 2021 20:59:39 GMT

Interesting thing, it kind of worked.

It blocked a unauthorized user from outside network access but I was hoping to block internal network access as well.

I had to create a L7 rule that blocked my entire network to somewhat achieve what I wanted. Of course making sure my authorized users are getting my Allow group policy.

I guess it'll do for the needs I have. Thanks.

Re: Port ACL / MAC filter

SCampisi — Tue, 31 Aug 2021 14:00:08 GMT

did you ever get a definitive solution that worked reliably? i am needing to do the same thing and i am also unfamiliar with the dashboard.

I saw your steps and i done have a "Security and SD Wan" - Firewall setting in my menus? can you give me more detail on that steps you followed?

thanks for any help you can give me

Re: Port ACL / MAC filter

Davidc24781 — Tue, 31 Aug 2021 15:01:56 GMT

Hey there, sticking with the steps I did was good enough.

I go to Network to make sure I'm on correct group. Then below that I have access to Security and SD Wan

If you don't see it, you might not have rights? If you see Appliance Status then you know you're in the right place.