Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7065
Views
4
Helpful
5
Replies

SSID for only one device

Go to solution
aleksa
Level 2
Level 2

‎12-11-2019 05:40 PM

Hi team,

I got a request, user on a site needs a Smart TV (android) connected to the Internet.

There was some problem, TV couldn't see intended SSID and I had to create a SSID just for that one.

Due to device capabilities, I've chosen the WPA2 authentication.

However, I'd like to lock this SSID to only this device.

With older solutions, I restricted access to SSID using MAC filters (or MAC access lists).

I'm not sure if that (or something better) is available?

Thanks!

Alex

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
AjitKumar
Level 10
Level 10

‎12-11-2019 06:27 PM

Hi @aleksa

Fews ideas here.

1. Let us have a complex WPA2 Password and we do not share this

Or / Plus

2. Hidden SSID
Wireless > Configure > SSID availability
Visibility - Hide this SSID

Or / Plus

3. Deny Access to Network Services [Even if other devices gets through the above 2 will not have access to network]


Wireless > Firewall & traffic shaping
Layer 3 firewall rules
Deny Any Any

Network-wide > Clients
Select Android TV - Policy - Whitelisted

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network

View solution in original post

5 Replies 5

Go to solution
AjitKumar
Level 10
Level 10

‎12-11-2019 06:27 PM

Hi @aleksa

Fews ideas here.

1. Let us have a complex WPA2 Password and we do not share this

Or / Plus

2. Hidden SSID
Wireless > Configure > SSID availability
Visibility - Hide this SSID

Or / Plus

3. Deny Access to Network Services [Even if other devices gets through the above 2 will not have access to network]


Wireless > Firewall & traffic shaping
Layer 3 firewall rules
Deny Any Any

Network-wide > Clients
Select Android TV - Policy - Whitelisted

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network

Go to solution
Nolan H.
Level 11
Level 11
In response to AjitKumar

‎12-11-2019 06:39 PM

TV sounds stationary so I would only broadcast that SSID on the closest access point, hide it if you want, but as long as only you know what the WPA2 PSK is then you should be good to go

Go to solution
aleksa
Level 2
Level 2
In response to AjitKumar

‎12-11-2019 06:59 PM

Hi Ajit,
thanks, I did points 1 and 3 and it works well...
0 Helpful

Go to solution
aleksa
Level 2
Level 2
In response to AjitKumar

‎12-11-2019 09:59 PM

Hi Ajit,

actually, when I did point 3, it didn't work.

Whitilisting was fine, but the deny any any rule in SSID firewall, that killed all traffic.

Just so you know, it may not work as you expected...

image.png

image.png

0 Helpful

Go to solution
BrechtSchamp
Level 11
Level 11
In response to aleksa

‎12-11-2019 11:15 PM

Don't overthink it.

Hidden SSID with a nice PSK broadcasting on the APs near the tv. And then limit what that tv can do based on preference and desired security level. E.g. NAT mode ssid if you just want it to access the internet. In the regular vlan if you want casting features. In its own vlan if you want some more control and visibility. Suitable firewall rules to limit access to the rest of the network and the internet.

Some links to check out:

https://documentation.meraki.com/MR/Other_Topics/Using_Tags_to_Broadcast_SSIDs_from_Specific_APs

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/SSID_Modes_for_Client_IP_Assignment

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Wireless_Client_Isolation

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/MR_Firewall_Rules

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card