Question about using MAC Whitelist and daisy chaining switches

raysodyssey
Level 1

Untitled Diagram.drawio.png

Consider this diagram. In this setup I want to implement MAC address whitelisting on a Meraki MS250 switch port. The simple switch is connected to that switch port and will be used to connect client devices. My question is, if all three computers with MAC addresses A, B, and Z are connected to the simple switch and MAC address whitelisting is enabled, would that also block traffic for the computers with MAC addresses A and B, since they are all connected to the same switch port? Or would it only block the computer with MAC address Z and let A and B through?

 

Thank you for any insights, advice you can provide!

2 Replies 2

Reza Sharifi
Hall of Fame

Hi,

According to this document, once enabled, it will block all MAC addresses except the ones you want to allow. So, in your case it will block everything but you have to specify the MAC addresses for A and B to be allowed.

 

MAC whitelisting

MAC whitelisting is valuable for networks that aren’t hosting an on-site RADIUS server. Enabling the feature in this case will block all access to a switch port except for the specified MAC addresses. Branch retailers, for example, might find MAC whitelisting useful if they wish to allow only certain devices on their network but don’t want to manage the added complexity of a RADIUS server.

Link to the document:

https://meraki.cisco.com/blog/2013/06/lock-down-layer-2-access-with-new-switch-features/

HTH

raysodyssey
Level 1

Hello,

 

Thank you for your response. That is intended, we want to block every MAC address except the allowed ones. My confusion is around how it will actually work. Is Cisco Meraki smart enough to block 1 MAC address and allow others connected to the same switch port using another ordinary switch? Would it block the whole switch port now that an unknown MAC address is being reported on the switch port along with the allowed ones?
